Hi list, i searched in the archives and other forums but could not find a solution (only descriptions!) for the following problem, which causes quite a lot annoyance for our apple users, i hope someone on this has a solution for this: we are using squid 2.5.9 on a recent debian linux box with one password for all users. for most browsers and applications theres is no problem at all, but users which are using Safari 2.x on a recent Mac OS X 10.4. are forced to retype the proxy username and password on some web pages delivered via https, not only once but several times! this occures on pages like "web.de" or "https://www.editorialmanager.com/mc/";. actually it seems that Safari does not send the proxy username and password to squid but as others (another institute) reported that they have no problems at all i am wondering if there might by a configuration problem. other browsers like netscape, firefox or opera work without problems, but some of our users do not want to switch! if the error occurs i am finding the following in /var/log/squid/access.log: ===== /var/log/squid/access.log ===== 1157445010.280 3 192.168.0.35 TCP_DENIED/407 1711 CONNECT img.web.de:443 - NONE/- text/html 1157445010.347 144 192.168.0.35 TCP_MISS/200 1984 CONNECT freemailng2402.web.de:443 proxyuser DIRECT/217.72.196.3 - 1157445011.001 8 192.168.0.35 TCP_DENIED/407 1744 CONNECT freemailng2402.web.de:443 - NONE/- text/html 1157445058.071 159 192.168.0.35 TCP_MISS/200 7649 CONNECT freemailng2402.web.de:443 proxyuser DIRECT/217.72.196.3 - 1157445058.938 1388 192.168.0.35 TCP_MISS/200 16769 CONNECT img.web.de:443 proxyuser DIRECT/217.72.200.153 - 1157445059.081 1181 192.168.0.35 TCP_MISS/200 6014 CONNECT img.web.de:443 proxyuser DIRECT/217.72.200.153 - 1157445059.087 1190 192.168.0.35 TCP_MISS/200 9702 CONNECT img.web.de:443 proxyuser DIRECT/217.72.200.153 - 1157445059.142 1282 192.168.0.35 TCP_MISS/200 8938 CONNECT img.web.de:443 proxyuser DIRECT/217.72.200.153 - ===== /var/log/squid/access.log ===== running squid in debug mode i see (only parts with errors): ===== Squid Debug output ==== 2006/09/05 10:30:10| parseHttpRequest: req_hdr = {Host: freemailng2402.web.de User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3 } 2006/09/05 10:30:10| parseHttpRequest: end = {} 2006/09/05 10:30:10| parseHttpRequest: prefix_sz = 187, req_line_sz = 44 2006/09/05 10:30:10| clientSetKeepaliveFlag: http_ver = 1.0 2006/09/05 10:30:10| clientSetKeepaliveFlag: method = CONNECT [snipp] 2006/09/05 10:30:10| aclMatchAcl: checking 'acl testacl proxy_auth REQUIRED' 2006/09/05 10:30:10| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header. 2006/09/05 10:30:10| aclMatchAcl: returning 0 sending authentication challenge. 2006/09/05 10:30:10| aclMatchAclList: no match, returning 0 2006/09/05 10:30:10| aclCheck: requiring Proxy Auth header. 2006/09/05 10:30:10| aclCheck: match found, returning 2 2006/09/05 10:30:10| aclCheckCallback: answer=2 2006/09/05 10:30:10| The request CONNECT freemailng2402.web.de:443 is DENIED, because it matched 'testacl' 2006/09/05 10:30:10| clientSendMoreData: Appending 1313 bytes after 324 bytes of headers 2006/09/05 10:30:11| connStateFree: FD 15 2006/09/05 10:30:11| httpRequestFree: freemailng2402.web.de:443 ======= is this really a bug in Safari (just tested again with the latest version 2.0.4) or is there some incompatibility? any ideas how i can solve this (apart from using a different browser!)?? my squid.conf: ======= /etc/squid/squid.conf hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY debug_options ALL,1 auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 128.0.0.0/8 acl purge method PURGE acl CONNECT method CONNECT acl testnet proxy_auth REQUIRED http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow testnet http_access deny all http_reply_access allow all icp_access deny all icp_access allow testnet visible_hostname testproxy.biochem.mpg.de coredump_dir /var/spool/squid ======= thanks in advance for any hints!! regards markus -- Markus Krause email: krause@xxxxxxxxxxxxxx Mogli-Soft: Support for Mac OS X, Webmail/Horde, LDAP, RADIUS by order of the Computing Center of the Max-Planck-Institute of Biochemistry Tel.: 089 - 89 40 85 99 Fax.: 089 - 89 40 85 98 --------------------------------------------------------------------- This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to rz-linux@xxxxxxxxxxxxxx
