Re: [squid-users] negative ACL

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Fri, 20 Jul 2012 02:18:06 +0300

On 7/19/2012 10:47 PM, Rick Chisholm wrote:
> I have an NTLM auth proxy, but a number of apps do not seem to be smart
> enough to pass credentials and this generates numerous squid
> authentication pop-ups for users. I'm trying to eliminate this.
>
> I was thinking of creating a browser ACL with entries that will cover the
> browsers in use on the network and then try to use a NOT operator like
>
> http_access allow !known_browsers
>
> before the auth required setting.
>
> thoughts?
>
>
This is a very, very bad exploit, so I wouldn't ever consider it.
It means that every user who changes the browser ID (Firefox ->
about:config -> change variable -> done)
can use your proxy.
If you do such a thing, at least use
http_access allow localnet !known_browsers

I would suggest analyzing these apps.
Most of the time they use specific domains that you can allow without
any NTLM auth.

Regards,
Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Thu Jul 19 2012 - 23:18:14 MDT
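
One way to do the analysis the reply suggests, as an added example that is not part of the original thread: list destination hosts that only ever receive 407 responses and never complete an authenticated request, which makes them candidates for a reviewed dstdomain allow rule placed ahead of the auth requirement. It assumes Squid's native access.log layout; the sample lines, host names and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1342739880.101 3 192.0.2.10 TCP_DENIED/407 1790 GET http://intranet.example.com/ - NONE/- text/html
1342739880.140 4 192.0.2.10 TCP_DENIED/407 2010 GET http://intranet.example.com/ - NONE/- text/html
1342739880.310 95 192.0.2.10 TCP_MISS/200 5120 GET http://intranet.example.com/ alice DIRECT/198.51.100.7 text/html
1342739901.500 2 192.0.2.22 TCP_DENIED/407 1790 GET http://updates.example.net/check.xml - NONE/- text/html
1342739931.500 2 192.0.2.22 TCP_DENIED/407 1790 GET http://updates.example.net/check.xml - NONE/- text/html
1342739961.500 2 192.0.2.22 TCP_DENIED/407 1790 CONNECT sync.example.org:443 - NONE/- text/html
"""


def host_of(method, url):
    """Return the destination host; CONNECT logs host:port instead of a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def unauthenticated_only_hosts(log_text, min_denied=2):
    """Hosts with >= min_denied 407s and no request carrying a user name.

    Browsers doing NTLM also log 407s during the handshake, so a host only
    counts when no authenticated request to it ever follows.
    """
    denied = defaultdict(int)
    authed = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # skip truncated or malformed lines
        status, method, url, user = fields[3], fields[5], fields[6], fields[7]
        host = host_of(method, url)
        if not host:
            continue
        if status.endswith("/407"):
            denied[host] += 1
        elif user != "-":
            authed.add(host)
    candidates = [(h, n) for h, n in denied.items()
                  if n >= min_denied and h not in authed]
    return sorted(candidates, key=lambda c: (-c[1], c[0]))


if __name__ == "__main__":
    for host, count in unauthenticated_only_hosts(SAMPLE_LOG):
        print(f"{count:5d}  {host}")
```
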
