Thanks for the reply. Incase this becomes an issue with a site many users need to access, what is the best way to bypass squid entirely for specific sites? Is there a clean, easy way to do it? I am running Ubuntu as my squid server. Thanks again. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, June 19, 2012 9:28 PM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: Cant login to certain flash page via squid? On 20.06.2012 09:13, Terry Dobbs wrote: > When users are going through squid there are certain pages, like the > one > I mentioned where you just can't click a specific button. It always > seems flash related. If I reconfigure this user to not use squid I > can > use the page just fine. This leads me to believe its not solely a > browser issue. > > When I say I told it to ignore I meant in the squid.conf file, where > I > allowed access to that specific domain without any kind of > authentication. Thinking about it, I understand this step is pretty > pointless as squid still processes the site. However I have had > success > in the past by allowing access to sites before the proxy_auth > required > command. > > Not really sure what the issue is, but it seems to happen with just a > handful of random sites. Flash player is separate software not permitted access to the browsers internal password manager information. * Flash player does not provide any means for users to enter passwords unless the HTTP request is a GET. * Flash script frameworks do not provide easily available support unless the HTTP request is a POST. * recent Flash versions prevent HTTP authentication unless the visited *website* provides explicit file-based (ONLY file based) CORS support for the relevant headers. NP: as documented this would prohibit Proxy-Authentication. Website authentication only works if the author who wrote the script knows how to write a) the user I/O interface and b) the relevant encryption algorithms (rare for anything better than Basic auth), and c) adds explicit CORS support to their site. AND decided it was worth the trouble. As a result HTTP authentication of any type rarely works in Flash applications. Proxy authentication has never been reported working, not to say it can't, just that in my experience nobody has ever mentioned seeing it happen despite common complaints here and in many other places online. Personally I rate Flash as a worse problem than Java in this regard. At least Java provides libraries and API making it easy for developers who know where to look (most seem not to use it, but that is a knowledge/time issue not a technical barrier). Amos
