Hi Amos, First of all sorry for the delay. Yes, the header_access tag it's not accepted on 3.0 S 16, I've tried with reply_header_access with the same result: none. Same entries on access.log: 172.28.3.186 - - [20/Jul/2009:12:10:26 +0200] "CONNECT tp.seg-social.es:443 HTTP/1.1" 407 2015 TCP_DENIED:NONE In the access.log of the parent proxy I get: 1248084163.393 131533 172.28.129.250 TCP_MISS/000 2696 CONNECT tp.seg-social.es:443 - DEFAULT_PARENT/172.16.100.230 - This is part of my conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 50 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm ProxySquid auth_param basic credentialsttl 2 hours external_acl_type winbind_group children=10 %LOGIN /usr/sbin/wbinfo_group.pl acl Java browser Java/1.4 Java/1.5 Java/1.6 acl javaConnect method CONNECT reply_header_access Proxy-Authenticate deny Java javaConnect header_replace Proxy-Authenticate basic realm=ProxySquid and after that the http_access tags Another question, the realm value must be the same as defined on "auth_param basic realm ProxySquid " or may be the domain name as defined on smb.conf? In my case it's not the same value. 2009/7/2 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > On Wed, 1 Jul 2009 12:56:43 +0200, Gontzal <gontzalp@xxxxxxxxx> wrote: >> Hi, >> >> I've recompiled squid, now 3.0 stable 16 on a non-production opensuse >> 10.3 server with the --enable-http-violations option >> I've added the following lines to my squid.conf file: >> >> acl Java browser Java/1.4 Java/1.5 Java/1.6 >> >> header_access Proxy-Authenticate deny Java >> header_replace Proxy-Authenticate Basic realm="XXXX" >> >> The header tags are before the http_access tags, I don't know if it is >> correct. I've also disable the option http_access allow Java >> >> Squid runs correctly but when i check for java, it doesn't work, it >> don't ask for basic auth and doesn't show the java applet page. >> >> On the access log it shows lines like this one: >> >> (01/Jul 12:46:01) (TCP_DENIED/407/NONE) (172.28.3.186=>172.28.129.250) >> (tp.seg-social.es:443) text/html-2226bytes 1ms >> >> I've changed the identity of my browser from firefox to java and it >> browses using ntlm auth instead of asking for user/passwd >> >> Where can be the problem? > > In squid-3 the header_access has been broken in half. > > I believe you are needing to use reply_header_access. > > Amos > >> >> Thanks again! >>
