Hi All, I have setup squid to authenticate with NTLM then BASIC with the ntlm_auth program. I believe that it is all working fine for most users but for an example my linux desktop with firefox i get prompted for my crendentials (thats fine) but when i go to https://www.facebook.com or pages that link to it i keep getting prompted for my password. the access.log shows this 1334186696.459 2 10.37.0.1 TCP_DENIED/407 4028 CONNECT www.facebook.com:443 - NONE/- text/html 1334186696.463 3 10.37.0.1 TCP_DENIED/407 4028 CONNECT www.facebook.com:443 - NONE/- text/html 1334186696.465 3 10.37.0.1 TCP_DENIED/407 4028 CONNECT www.facebook.com:443 - NONE/- text/html and my browser doesnt seem to present the credentals properly. Sites like https://www.westpac.com.au seems to work perfectly. I am now running firefox 11. Where would be the first place to start looking? Simon Config following [root@proxy1 ~]# cat /etc/squid/squid.conf # # Recommended minimum configuration: # cache_dir aufs /var/spool/squid 16384 32 512 cache_mem 1024 MB http_port 8080 snmp_port 3401 visible_hostname proxy1.mulawa.internal acl snmppublic snmp_community ng-community-ro snmp_access allow snmppublic snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 ignore_expect_100 on auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 30 auth_param basic realm TSG proxy-caching web server auth_param basic credentialsttl 8 hours url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf url_rewrite_children 30 acl BrownhouseIT src 10.37.0.0/24 acl GTALK_ports port 443 5222 5050 5223 acl GTALK_hosts dstdomain talk.google.com www.google.com acl GTALK_domains dstdomain .l.google.com acl GTALK_methods method CONNECT acl SSL_ports port 443 acl SSL_ports port 5222 acl SSL_ports port 5223 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl AuthorizedUsers proxy_auth REQUIRED acl UnauthorizedDomains url_regex microsoft.com acl UnauthorizedDomains url_regex verisign.com acl UnauthorizedDomains url_regex thawte.com acl UnauthorizedDomains url_regex crl.usertrust.com acl UnauthorizedServers src 10.20.0.77 acl UnauthorizedServers src 10.20.0.70 acl UnauthorizedServers src 10.20.0.191 acl oem-gc-host src 10.20.0.144 acl oem-gc-domain url_regex linux-update.oracle.com http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow BrownhouseIT GTALK_methods GTALK_ports GTALK_hosts http_access allow BrownhouseIT GTALK_methods GTALK_ports GTALK_domains http_access allow UnauthorizedServers http_access allow UnauthorizedDomains http_access allow oem-gc-host oem-gc-domain http_access deny !AuthorizedUsers http_access allow AuthorizedUsers http_access deny all
