Re: [squid-users] how to dynamically reconfigure squid?

From: Waldemar Brodkorb <mail_at_waldemar-brodkorb.de>
Date: Wed, 9 Apr 2014 07:16:27 +0200

Hi,
Amos Jeffries wrote,

> > What do you think? What might be a solution to this problem? I can't
> > restart squid when changing the ACL rules, because then all users in
> > the network would be disconnected.
>
> You could set the request_timeout to be short. This would make the
> CONNECT requests terminate after a few minutes.

Will try that.
 
> You could also use SSL-bump feature in Squid. This has a double benefit
> of allowing the control software acting on the HTTPS requests and
> preventing SPDY etc. being used by the browser.
 
This is not wanted by my boss. Probably because of ethical reasons.
If a user uses https, he normally believes his traffic is secure and
we want that this is the case.

Going back to the initial problem, slow NTLM authentications with
newer browsers. Would it be worth to switch completely to Negotiate?
Or is it possible to cache the NTLM authentication results, so that
Squid does not need to fork a ntlm auth helper on every request?

Thanks
 Waldemar
Received on Wed Apr 09 2014 - 05:16:35 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 09 2014 - 12:00:05 MDT