RE: [squid-users] multiple pop-up authentications when moving http to https

From: Nick Duda <nduda_at_VistaPrint.com>
Date: Fri, 11 Sep 2009 12:48:50 -0400

It is the same domain, but it is definitely the switching of protocols. I fixed this by having squid redirect http to https before the auth popup using:

acl httpPort myport 80
http_access deny httpPort
deny_info https://owa.server.domain/owa httpPort
http_access allow OWA_Allowed
http_access deny all

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Thursday, September 10, 2009 8:37 PM
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] multiple pop-up authentications when moving http to https

Nick Duda wrote:
> We have squid setup for a test in reverse mode for using outlook web access. We have it setup to use authentication into active directory. Basically, if you are part of a certain AD group you get denied access to OWA via the proxy. So how this works is someone browses to OWA via HTTP (which is the proxy) and they get a pop-up prompt to login/authenticate. Once they authenticate the page that loads redirects them automatically to the HTTPS version of OWA, but squid pops-up the authentication box again because, what I guess, is that it's a new protocol (https) and needs to reauth the user.
>
> This is annoying to have 2 pop-ups. If the user just hits the HTTPS version of the URL its fine, but most people don't, and rely on the transparent HTTP->HTTPS redirection.
>
> Ideas on how to make this go away? Can I configure squid to do the redirection before authentication? If so, how?

Provided you have HTTPS and HTTP on the same domain name they will only
need to auth once.

What I think is actually happening is this:

  - login to Squid
  - login to OWA

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
   Current Beta Squid 3.1.0.13
Received on Fri Sep 11 2009 - 16:48:54 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 11 2009 - 12:00:02 MDT