RE: [squid-users] A couple new problems

Thanks for the responses.

Okay, now another question. I think I know the answer (no) but I figured
someone smarter than me may have figured out a workaround. Is there any
way to have squid refuse to proxy local connections? I can do it from the
client side without issue, but it would be easier to administer if it was
centralized at the squid box. Any thoughts? I'm not doing transparent
proxying, which would also make it fairly easy through redirect rules...

-----Original Message-----
From: Squid Support (Henrik Nordstrom) [mailto:hno@marasystems.com]
Sent: Wednesday, May 15, 2002 5:23 AM
To: Brian Palmer; 'squid-users@squid-cache.org'
Subject: Re: [squid-users] A couple new problems

On Tuesday 14 May 2002 22:38, Brian Palmer wrote:
> Hi folks,
> Been using squid happily for about a year now, but I've run
> across a couple issues that I can't seem to sort out. I've got a
> user that needs to connect to a website that uses NT CHAP
> authentication. If the user goes through the proxy it just spits
> back an authentication error without being prompted for a password.
> Can Squid proxy CHAP? Didn't see anything in the FAQ regarding it
> one way or the other.

No, MS NTLM over HTTP cannot be proxied, not even by MS PROXY (or
ISA) when being used as a HTTP proxy. This is due to a design flaw in
the MS NTLM over HTTP protocol.

Regards
Henrik

-- 
MARA Systems AB, Giving you basic free Squid support
Your source of advanced web reverse proxying solutions
http://www.marasystems.com/products/