Tom Tux wrote:
Hi Amos
Thanks a lot for this informations.
Is it usual/normal, that all https-requests have this error?
100% depends on your configuration file.
1282899033.246 0 xx.xx.xx.xx TCP_DENIED/407 3720 CONNECT
mail.google.com:443 - NONE/- text/html
As I already mentioned: The sites, which are denied in the access.log,
are normal accessible and appears correctly (this is, what I don't
understand....mmmh....).
I think, that I don't have rules, which explicitly require another
authentication instead of kerberos. Here is an extract of my
407 does not mean try "other" authentication.
It means "send me your login or go away".
The browser is failing to send kerberos login details so gets sent a
407. It reacts by:
(a) sending the credentials and being allowed,
or (b) doing a popup for the user,
or (c) showing the user an error page.
squid.conf:
The ACL "INTERNET_ACCESS" is an external_acl with squid_kerb_ldap:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Block invalid Users
http_access deny !INTERNET_ACCESS
* requires login details to be supplied before it can be tested.
If login is not provided already Squid sends 407.
http_access allow INTERNET_ACCESS
* requires login details to be supplied before it can be tested.
http_access deny all
When I trace the http/https-traffic with httpfox (firefox-addon), then
I got also no errors or denies back.
Thanks a lot for all helps.
Tom
The configuration you have displayed requires login details to be
supplied before *ANY* web request is permitted.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.7
Beta testers wanted for 3.2.0.1
