On 19/03/2012 12:33 p.m., Milen Pankov wrote:
Hi,
I have been using squid with basic authentication from quite some time
without problems while recently I discovered that anyone can open https
addresses trough the proxy without authenticating. If someone refuses
the authentication dialog (clicks on Cancel) and receives a squid access
denied error page after that he can type an https address in the address
bar and it will open fine. I can't seem to find something wrong with the
configuration and I can't seem to find any info on this behavior
anywhere. Would appreciate if someone helps. I am using squid 3.1.6.
Tried the current 3.1.19 release?
Is the second HTTPS request even going through the proxy?
What is the rest of the config look like?
The partial piece of config you posted has no holes which this could be
using.
Amos
