mån 2009-07-20 klockan 12:30 +0200 skrev Gontzal:
In the access.log of the parent proxy I get:
1248084163.393 131533 172.28.129.250 TCP_MISS/000 2696 CONNECT
tp.seg-social.es:443 - DEFAULT_PARENT/172.16.100.230 -
Which says the request as successfully forwarded to the parent
172.16.100.230,
Hi Amos,
I send the trace as requested, yesterday I just came back from
holidays and I was out:
CONNECT tp.seg-social.es:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES;
rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)
Proxy-Connection: keep-alive
Host:
Hi Amos,
First of all sorry for the delay.
Yes, the header_access tag it's not accepted on 3.0 S 16, I've tried
with reply_header_access with the same result: none. Same entries on
access.log:
172.28.3.186 - - [20/Jul/2009:12:10:26 +0200] CONNECT
tp.seg-social.es:443 HTTP/1.1 407 2015
Gontzal wrote:
Hi Amos,
First of all sorry for the delay.
Yes, the header_access tag it's not accepted on 3.0 S 16, I've tried
with reply_header_access with the same result: none.
By none you mean Java still getting the NTLM Proxy_auth header?
Do you have a trace of the 407 reply from Squid
Responses in the message.
2009/7/20 Amos Jeffries squ...@treenet.co.nz:
Gontzal wrote:
Hi Amos,
First of all sorry for the delay.
Yes, the header_access tag it's not accepted on 3.0 S 16, I've tried
with reply_header_access with the same result: none.
By none you mean Java still getting
Hi,
I've recompiled squid, now 3.0 stable 16 on a non-production opensuse
10.3 server with the --enable-http-violations option
I've added the following lines to my squid.conf file:
acl Java browser Java/1.4 Java/1.5 Java/1.6
header_access Proxy-Authenticate deny Java
header_replace
On Wed, 1 Jul 2009 12:56:43 +0200, Gontzal gontz...@gmail.com wrote:
Hi,
I've recompiled squid, now 3.0 stable 16 on a non-production opensuse
10.3 server with the --enable-http-violations option
I've added the following lines to my squid.conf file:
acl Java browser Java/1.4 Java/1.5
Hi Kevin,
Thanks for your post, I think is a very good solution to the Java security hole.
I've seen that for using header_access and header_replace you need to
compile with the --enable-http-violations. My question is, if I
compiled squid without this option, is there any way to add this
I agree this does look like a good clean solution. I'll look at
implementing a small on/off toggle to do only this change for safer Java
bypass. May not be very soon though. What version of Squid are you using?
Meanwhile yes, you do have to add the option to the ./configure options and
This what your looking for?
acl javaNtlmFix browser -i java
acl javaConnect method CONNECT
header_access Proxy-Authenticate deny javaNtlmFix javaConnect
header_replace Proxy-Authenticate Basic realm=Internet
now only https/ssl access from java will have basic auth and so a
password dialog.
Dear All,
Please reply if we have some solution for the problem. I am stuck with
the problem my server is live and i can't afforded to allow the java
sites to unauthorized users in the network.
Regards,
Nitin B.
Nitin Bhadauria wrote:
Dear All,
I have the same problem ..
Everytime a
Dear All,
I have the same problem ..
Everytime a browser proxying through squid tries to load a secure java
applet, it comes up with a red x where the java applet should be.
So I have bybass those sites for authentication, But the problem is
users how don't have permission to access
I have squid-2.5.STABLE3-6.3E.8 (RedHat ES 3 RPM) configured to do
NTLM authentication using winbind. This works great, however, Java
applets prompt for a login, but never accept it. Is there a way to
get Java applets to work? They work fine through the old proxy that
does basic authentication
On Fri, 22 Apr 2005, Matt Alexander wrote:
I've successfully configured Squid to use our Active Directory server for
authentication, however, there's one remaining problem... If the page
contains a Java applet, then the user gets a popup Java authentication dialog
box. However, the correct
I've successfully configured Squid to use our Active Directory server
for authentication, however, there's one remaining problem... If the
page contains a Java applet, then the user gets a popup Java
authentication dialog box. However, the correct username and password
are never accepted,
15 matches
Mail list logo
