Oleg wrote:
Hi.
Before Squid 3.0 I can change a Proxy-Authenticate header through duplet:
header_access Proxy-Authenticate deny browserFirefox osLinux
header_replace Proxy-Authenticate Negotiate
That because first authenticate method is NTLM for IE.
After upgrade to Squid 3.0, header_access directive fork into
request_header_access and reply_header_access. Implicate in my case I
change directive header_access to reply_header_access. BUT! Now
directive header_replace works only with request_header_access and don't
change a Proxy-Authenticate headers.
How to resolve this problem without downgrade to Squid 2.7.6? Or may be
bypass this another way?
From Squid-3, the proxy-authenticate headers are only relevant between
browser and Squid. So always removed from client request before that
request is passed to the web server.
The *_header_access only apply to headers which are passed though from
browser/client to server.
Why is auth method an issue at all?
Configuring the auth methods in right order should make the browsers use
either method they prefer.
I'd test the capability in 3.0 and see if it works okay now, before
attempting to re-create an old hack.
FWIW, IE on Vista prefers Negotiate to work most efficiently.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
