Re: [squid-users] multiple pop-up authentications when moving http to https

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 10 Sep 2009 15:42:46 -0800

Nick Duda wrote:
> We have squid setup for a test in reverse mode for using outlook web access. We have it setup to use authentication into active directory. Basically, if you are part of a certain AD group you get denied access to OWA via the proxy. So how this works is someone browses to OWA via HTTP (which is the proxy) and they get a pop-up prompt to login/authenticate. Once they authenticate the page that loads redirects them automatically to the HTTPS version of OWA, but squid pops-up the authentication box again because, what I guess, is that it's a new protocol (https) and needs to reauth the user.
>
> This is annoying to have 2 pop-ups. If the user just hits the HTTPS version of the URL its fine, but most people don't, and rely on the transparent HTTP->HTTPS redirection.
>
> Ideas on how to make this go away? Can I configure squid to do the redirection before authentication? If so, how?
>
> - Nick
>

Of the top of my head (not tested)...

acl myOWAserver dstdomain .owa.example.com
acl HTTP proto HTTP
# Deny access to the OWA server using HTTP
http_access deny myOWAserver HTTP
# Instead use HTTPS
deny_info https://owa.example.com/ HTTP

...would be the easiest method. Otherwise a
url_rewrite_program/http_access rule combination can be crafted which works.

Chris
Received on Fri Sep 11 2009 - 17:28:46 MDT

This archive was generated by hypermail 2.2.0 : Sat Sep 12 2009 - 12:00:02 MDT