Oops. Ya - it's work's with Negotiate-NTLM-Basic sequence...
Strange - Firefox for Windows on Squid 2.7.6 don't work properly with
that sequence. That why I begin experiments with headers control. Now
all works right.
Thans for reply.
Amos Jeffries пишет:
> Oleg wrote:
>> Hi.
>>
>> Before Squid 3.0 I can change a Proxy-Authenticate header through
duplet:
>>
>> header_access Proxy-Authenticate deny browserFirefox osLinux
>> header_replace Proxy-Authenticate Negotiate
>>
>> That because first authenticate method is NTLM for IE.
>>
>> After upgrade to Squid 3.0, header_access directive fork into
>> request_header_access and reply_header_access. Implicate in my case I
>> change directive header_access to reply_header_access. BUT! Now
>> directive header_replace works only with request_header_access and don't
>> change a Proxy-Authenticate headers.
>>
>> How to resolve this problem without downgrade to Squid 2.7.6? Or may be
>> bypass this another way?
>
>
> From Squid-3, the proxy-authenticate headers are only relevant between
> browser and Squid. So always removed from client request before that
> request is passed to the web server.
> The *_header_access only apply to headers which are passed though from
> browser/client to server.
>
>
> Why is auth method an issue at all?
>
> Configuring the auth methods in right order should make the browsers use
> either method they prefer.
>
> I'd test the capability in 3.0 and see if it works okay now, before
> attempting to re-create an old hack.
>
> FWIW, IE on Vista prefers Negotiate to work most efficiently.
>
>
> Amos
Received on Mon Apr 20 2009 - 06:27:09 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 20 2009 - 12:00:02 MDT