Squid with LDAP-authentication: bypass selected URLs

Verwaiser <squid@xxxxxxxxxxxxxxxxx> · Tue, 15 Mar 2016 07:41:54 -0700 (PDT)

Hello,
we use user-authentication using a LDAP server. 
We want to use a pdf - document which connects to an internet address
(....europa.eu) for a kind of examination. The pdf doesnt ask for
proxy-authentification, so I tried to go around squid using ACLs like:

acl alle src 0.0.0.0/0.0.0.0
acl pdfdoc dstdomain "/etc/squid/urlListe"
http_access allow pdfdoc alle

with entries "europa.eu" and "*.europa.eu" and some more in the file
urlListe 

Also I tried:

acl CONNECT method CONNECT
acl wuCONNECT dstdomain webgate.ec.europa.eu
http_access allow CONNECT wuCONNECT

The result is allways the same: The Acrobat Reader tells "connection
failed".

In access.log I find:
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?
HTTP/1.1" 407 2066 "-" "Microsoft-CryptoAPI/6.1" TCP_DENI
ED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
HTTP/1
.1" 407 2219 "-" "Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://crl.globalsign.net/root.crl HTTP/1.1" 407 1889 "-"
"Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPMEBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhiMXAk3Q
3QqEElr8w7e7kcA%3D%3D HTTP/1.1" 407 2303 "-" "Microsoft-CryptoAPI/6.1"
TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl HTTP/1.1" 407 1955
"-" "Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "CONNECT
webgate.ec.europa.eu:443 HTTP/1.0" 200 3154 "-" "Mozilla/3.0 (compatible;
Acrobat 5.0; Windows)" TCP_MISS:DIRECT

Any idea if I can do something using squid.conf to establish connection?

Holger

PS: Using "internet at home" without squid the pdf-document works well.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-with-LDAP-authentication-bypass-selected-URLs-tp4676689.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users