On Sat, 22 Nov 2003, Serassio Guido wrote:
> With IE 6 SP1, when browsing a ftp:// url, IE always pop-ups for
> authentication when trying to download internal ftp icons from Squid.
> But changing the IE default security settings for Internet Zone from "User
> Authentication->Logon->Prompt for user name and password" to "User
> Authentication->Logon->Automatic logon with current username and password"
> seems to avoid the problem.
Ok. Makes sense.
What I think happens here is that your browser is going direct for the
icons rather than using the proxy (same port, different concept). Then the
authentication is technically to another server even if it happens to have
the same ip:port as the proxy.
You should only see this popup once per session (or until the login
expires from IE)
> acl internal_icons urlpath_regex [-i] \/squid-internal-static/icons/$
> acl test proxy_auth REQUIRED
>
> http_access allow internal_icons
> http_access allow test
> http_access deny all
This is generally to recommend in any authentication setups, assuming you
have first limited access on source IP. Try using basic authentication
only and you will see why..
> I think that in squid this anomalous browser behaviour is not handled
> correctly, causing the wrong NTLM challenge reuse.
It is not an anomalous browser behaviour if my assumption above is
correct. Nor should it be related to the issue with challenge reuses even
if reuses are disabled..
Regards
Henrik
Received on Sat Nov 22 2003 - 07:03:49 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:47 MST