Re: [squid-users] squid + auth + safari + SSL = TCP_DENIED/407

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 01 May 2009 16:15:19 +1200

Gavin McCullagh wrote:
> Hi,
>
> one of our Mac people has been complaining that he can't get into certain
> SSL sites. I borrowed a MAC and found that these does indeed seem to be a
> problem, though apparently not on all SSL sites (a login on www.bebo.com)
> is an example that does give the problem. I'm not sure of this but it
> looks like it might be where there's a POST request over SSL.
>
> I noticed this:
>
> http://www2.tr.squid-cache.org/mail-archive/squid-users/200709/0109.html
>
> so I tried turning off authentication and it worked.
>
> I'm using squid-2.6-stable18 which I'm well aware is old. Is this a bug in
> squid or safari or is this known for sure? Does anyone know if an upgrade
> to squid would sort it out?
>
> If not, I may have to put in an ACL either to allow:
>
> - all macs to be unauthenticated
> - all SSL to be unauthenticated
> - all requests with safari browser strings using SSL to be unauthenticated
>
> or something like that. Has anyone had to do this? Is there a known "best
> way"?
>
> Thanks in advance,
> Gavin
>

This one seems like a browser bug like Henrik says in that post you found.

The only part Squid has in any of this is to open a CONNECT tunnel and
shove data bits between browser and server. And auth credentials,
challenge or POST content which goes through the tunnel is not touched
by Squid in any way.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Fri May 01 2009 - 04:15:27 MDT

This archive was generated by hypermail 2.2.0 : Fri May 01 2009 - 12:00:02 MDT