On Mon, 4 Apr 2005, Mark Krawec wrote:
> Our configuration is squid-2.5.STABLE7 using squid_ldap_auth on RH 7.3.
> Our browser is IE 6.0 SP1 and users are running W2k.
> The problem is our users are getting an "invalid URL" error
> page from Squid when they go to a secure site as their first destination.
This is a bug in MSIE 6 (several versions) where it forgets to enable
SSL when asking for authentication.
IIRC you can work around the problem by disabling persistent connections.
Unfortunately incompatible with NTLM authentication.
> I've never seen a definitive answer on why this was happening and what was
> at fault (IE or Squid).
It is clearly IE at fault here. IMHO it is even an MSIE security issue
(not only a plain bug) as MSIE forgets to encrypt the request, which is
supposed to have been securely encrypted and never visible in plain text
to third parties like the proxy..
Regards
Henrik
Received on Mon Apr 04 2005 - 16:29:18 MDT
This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT