Thanks for the reply.
Incase this becomes an issue with a site many users need to access, what
is the best way to bypass squid entirely for specific sites? Is there a
clean, easy way to do it? I am running Ubuntu as my squid server.
Thanks again.
-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, June 19, 2012 9:28 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Cant login to certain flash page via squid?
On 20.06.2012 09:13, Terry Dobbs wrote:
> When users are going through squid there are certain pages, like the
> one
> I mentioned where you just can't click a specific button. It always
> seems flash related. If I reconfigure this user to not use squid I
> can
> use the page just fine. This leads me to believe its not solely a
> browser issue.
>
> When I say I told it to ignore I meant in the squid.conf file, where
> I
> allowed access to that specific domain without any kind of
> authentication. Thinking about it, I understand this step is pretty
> pointless as squid still processes the site. However I have had
> success
> in the past by allowing access to sites before the proxy_auth
> required
> command.
>
> Not really sure what the issue is, but it seems to happen with just a
> handful of random sites.
Flash player is separate software not permitted access to the browsers
internal password manager information.
* Flash player does not provide any means for users to enter passwords
unless the HTTP request is a GET.
* Flash script frameworks do not provide easily available support
unless the HTTP request is a POST.
* recent Flash versions prevent HTTP authentication unless the visited
*website* provides explicit file-based (ONLY file based) CORS support
for the relevant headers. NP: as documented this would prohibit
Proxy-Authentication.
Website authentication only works if the author who wrote the script
knows how to write a) the user I/O interface and b) the relevant
encryption algorithms (rare for anything better than Basic auth), and c)
adds explicit CORS support to their site. AND decided it was worth the
trouble.
As a result HTTP authentication of any type rarely works in Flash
applications. Proxy authentication has never been reported working, not
to say it can't, just that in my experience nobody has ever mentioned
seeing it happen despite common complaints here and in many other places
online.
Personally I rate Flash as a worse problem than Java in this regard. At
least Java provides libraries and API making it easy for developers who
know where to look (most seem not to use it, but that is a
knowledge/time issue not a technical barrier).
Amos
Received on Wed Jun 20 2012 - 18:11:19 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 21 2012 - 12:00:03 MDT