> > Stephan wrote: > >> Environment: squid/2.7.STABLE5 on win32. > >> Auth against Windows ActiveDirectory with mswin_auth.exe > >> > >> I want to allow one https-URL for all networkuser. > >> So i have added this ruleset: > >> > >> acl erlaubthttps dstdomain .domain.tld (where domain.tld is the URL i > >> want to allow) http_access allow erlaubthttps you must allow CONNECT method to .domain.tld, since proxying https means using CONNECT requests. > >> When i try to open this site i'll get the Username/Password prompt from > >> squid. > >> > >> When i test ist with normal http-Sites my rule is correct but with https > >> it wont work. > On Fri, 20 Mar 2009 09:55:51 -0800, Chris Robertson <crobertson@xxxxxxx> > wrote: > > Other http_access rules are interfering? > > You aren't using the cache for HTTPS requests? On 23.03.09 08:01, Stephan wrote: > i don't think that i don't cache HTTPS requests. The only way https can be cached is to use fake certificate, which most (all?) browsers will notice and report, deny CONNECT requests and intercept/deny all direct traffic. https is encrypted, which means that the proxy does NOT know what you are requesting, it only can from source/destination IP address, amount of data flowing and other indirect informations. > I don't have any rules for that. > > Other http_access rules are working! -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers.