Re: [squid-users] NTLM not working with HTTPS pages

From: Harry Mills <harry_at_mad-cat.co.uk>
Date: Fri, 20 Apr 2012 14:15:01 +0100

Hi Wladner,

I don't think this is causing your problems, but I think you need to
change the following:

Instead of:

http_access deny CONNECT !Safe_ports

try:

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

Also, on the last two lines of your included config you have:

acl AUTENTICADO proxy_auth REQUIRED
http_access allow AUTENTICADO

I simply have:

http_access allow proxy_auth

I have no idea if this will help, but worth giving it a try perhaps?

Regards

Harry

On 19/04/2012 19:49, Wladner Klimach wrote:
> Hello,
>
> I'm using NTLM scheme like this:
>
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30 startup=5 idle=5
> auth_param ntlm keep_alive on
>
> And it is working fine except for https pages. Here is my basic squid.conf:
>
>
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> acl localhost src 127.0.0.1/32 ::1
> acl manager proto cache_object
>
> acl SSL_ports port 443
> acl SSL_ports port 1863
> acl SSL_ports port 563
> acl SSL_ports port 465
> acl SSL_ports port 995
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 563 # https
> acl Safe_ports port 465 # https
> acl Safe_ports port 995 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl CONNECT method CONNECT
>
> http_access deny CONNECT !Safe_ports
> http_access allow manager localhost
> http_access deny manager
> http_access deny to_localhost
>
> follow_x_forwarded_for allow localhost
> acl AUTENTICADO proxy_auth REQUIRED
> http_access allow AUTENTICADO
>
> regards,
>
> Wladner
Received on Fri Apr 20 2012 - 13:12:45 MDT
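
Added example, not part of either message in this thread: a small Python model of how Squid matches the port rules discussed above, comparing the single rule from the original squid.conf with the two-rule form suggested in the reply. The evaluator, its function names and the sample requests are constructed for illustration; only the ACL names and port lists come from the quoted configuration.

```python
# Constructed model of Squid's http_access matching, limited to the method and
# port ACLs quoted in this thread; later rules (manager, auth) are not modelled.
SSL_PORTS = {443, 1863, 563, 465, 995}
SAFE_PORTS = {80, 21, 443, 563, 465, 995, 70, 210, 280, 488} | set(range(1025, 65536))

ACLS = {
    "CONNECT": lambda method, port: method == "CONNECT",
    "Safe_ports": lambda method, port: port in SAFE_PORTS,
    "SSL_ports": lambda method, port: port in SSL_PORTS,
}

def acl_matches(name, method, port):
    """Evaluate one ACL reference; a leading '!' negates it."""
    if name.startswith("!"):
        return not ACLS[name[1:]](method, port)
    return ACLS[name](method, port)

def port_rules_verdict(rules, method, port):
    """Return the first matching rule's action, else 'continue'.

    All ACLs on a line must match (logical AND); the first matching line wins.
    """
    for line in rules:
        action, *names = line.split()[1:]
        if all(acl_matches(n, method, port) for n in names):
            return action
    return "continue"  # request falls through to the rest of http_access

ORIGINAL = ["http_access deny CONNECT !Safe_ports"]
SUGGESTED = ["http_access deny !Safe_ports", "http_access deny CONNECT !SSL_ports"]

# Constructed sample requests: (method, destination port)
SAMPLES = [("CONNECT", 443), ("CONNECT", 8080), ("CONNECT", 25), ("GET", 25), ("GET", 80)]

def compare():
    """Map each sample request to its (original, suggested) verdict."""
    return {s: (port_rules_verdict(ORIGINAL, *s), port_rules_verdict(SUGGESTED, *s))
            for s in SAMPLES}

if __name__ == "__main__":
    for (method, port), (old, new) in compare().items():
        print(f"{method:7} port {port:<5} original={old:8} suggested={new}")
```

The rows that differ are CONNECT to port 8080 and GET to port 25: the single original rule lets both fall through to the authentication rule, while the two-rule form denies them before authentication is considered.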
