Re: [squid-users] Kerberos TCP/DENIED 407

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 09 Mar 2012 01:44:14 +1300

On 9/03/2012 1:07 a.m., JC Putter wrote:
> Amos,
>
> Thank you for the reply.
>
> Sorry I meant 3.0 STABLE 19.

Please at minimum upgrade to 3.0.STABLE26 then, if possible 3.1.19.
There are a handful of major security vulnerabilities in between.

> The Zimbra Desktop client connects via port 443 and I have the standard ACL;
>
> http_access deny !Safe_ports
> http_access deny !SSL_ports
>
> however when I change the ACL to (very insecure)
>
> http_access allow CONNECT (without the exception of !SSL_ports) the Zimbra client connects...
>
> Not too sure if my ACL is incorrect or if I need to add additional ports in the ACL, however according to Zimbra 443 is the only one required.

The ACL you list above is not the defaults. The correct default is:

   http_access deny CONNECT !SSL_ports

SSL_Ports should only contain the HTTPS ports you permit requests to.

> I ran a Wireshark trace and I can confirm that the proxy offers all configured authentication schemes and the client responds with a Kerberos ticket.

Okay. It would seem to be some other part of the configuration. If you
want a proper analysis please post your whole config (without the
comments and empty lines though).

Amos
Received on Thu Mar 08 2012 - 12:44:20 MST
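
As an added example (not part of the original message and not Squid's own code), the following Python sketch models first-match http_access evaluation over the rule sets discussed in the thread. The ACL port lists and sample requests are constructed, and the third rule set assumes the poster's change replaced the second line.

```python
# Added illustration: a minimal model of Squid's first-match http_access
# evaluation. ACL contents and sample requests are constructed, not taken
# from the poster's configuration.
ACLS = {
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: r["port"] in (80, 443) or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

RULESETS = {
    # As quoted in the thread: the second line has no CONNECT qualifier.
    "posted": ["http_access deny !Safe_ports",
               "http_access deny !SSL_ports"],
    # The default given in the reply.
    "default": ["http_access deny !Safe_ports",
                "http_access deny CONNECT !SSL_ports"],
    # Assumption: the poster's change replaced the second line.
    "allow_connect": ["http_access deny !Safe_ports",
                      "http_access allow CONNECT"],
}

def acl_matches(name, request):
    """Evaluate one ACL reference; a leading '!' negates the result."""
    negated = name.startswith("!")
    return ACLS[name.lstrip("!")](request) != negated

def evaluate(rules, request):
    """Return the action of the first line whose ACLs all match (AND),
    or None when none of the listed lines match."""
    for line in rules:
        directive, action, *names = line.split()
        if directive != "http_access" or action not in ("allow", "deny"):
            raise ValueError(f"unsupported line: {line}")
        if all(acl_matches(n, request) for n in names):
            return action
    return None

def compare(method, port):
    """Evaluate one request against every rule set."""
    request = {"method": method, "port": port}
    return {name: evaluate(rules, request) for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for method, port in [("GET", 80), ("CONNECT", 443), ("CONNECT", 8443)]:
        print(method, port, compare(method, port))
```

A result of None means none of the listed lines matched, so later http_access lines in the real configuration would decide the request.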
