On 7/19/2012 10:47 PM, Rick Chisholm wrote:
I have an NTLM auth proxy, but a number of apps do not seem to be smart
enough to pass credentials and this generates numerous squid
authentication pop-ups for users. I'm trying to eliminate this.
I was thinking of creating a browser ACL with entries the will cover the
browsers in use on the network and then try to use a NOT operator like
http_access allow !known_browsers
before the auth required setting.
thoughts?
this is a very very bad exploit so i wodn't ever cosider it.
it means that every user that will change the broeser id (firefox->
about:config -> change variable ->done)
can use your proxy.
if you will do such a thing at least but not least use
http_access allow localnet !known_browsers
i would suggest to analyze these apps.
they do use most of the time specific domains that you can allow without
any ntlm auth.
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
