We ended up using AD Group policy to not go through the proxy for that site... not ideal, but just to make sure I understand the other way to do it.... You can put the http_access with the acl before the http_access allow_ntlm and it should work? --- Mark Elsen <mark.elsen@xxxxxxxxx> wrote: > > Is it possible to have my ntlm users go around 1 > > domain? We can't seem to get a state web site > (which > > uses a weird front end to it's client... but it > ends > > up on the web) to go through the proxy. When we > sniff > > the traffic locally, it is popping up a 407, but > their > > isn't anyway to log in. > > > > I tried to put an acl and http_access higher in > the > > list in the .conf, but that didn't seem to matter? > > > > It would have been more productive to show that > line, which you put > for that domain in squid.conf, offhand & probably it > should > resemble something like this : > > acl ntlm_go_around dstdomain name-excluded-domain > ... > > http_access allow ntlm_go_around > http_access allow ntlm_users (provided proxy > AUTH ACL is named 'ntlm_users') > > M. > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
