[squid-users] Squid with LDAP-authentication: bypass selected URLs
Verwaiser
squid at mail.verwaiser.de
Tue Mar 15 14:41:54 UTC 2016
Hello,
we use user-authentication using a LDAP server.
We want to use a pdf - document which connects to an internet address
(....europa.eu) for a kind of examination. The pdf doesnt ask for
proxy-authentification, so I tried to go around squid using ACLs like:
acl alle src 0.0.0.0/0.0.0.0
acl pdfdoc dstdomain "/etc/squid/urlListe"
http_access allow pdfdoc alle
with entries "europa.eu" and "*.europa.eu" and some more in the file
urlListe
Also I tried:
acl CONNECT method CONNECT
acl wuCONNECT dstdomain webgate.ec.europa.eu
http_access allow CONNECT wuCONNECT
The result is allways the same: The Acrobat Reader tells "connection
failed".
In access.log I find:
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?
HTTP/1.1" 407 2066 "-" "Microsoft-CryptoAPI/6.1" TCP_DENI
ED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
HTTP/1
.1" 407 2219 "-" "Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://crl.globalsign.net/root.crl HTTP/1.1" 407 1889 "-"
"Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPMEBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhiMXAk3Q
3QqEElr8w7e7kcA%3D%3D HTTP/1.1" 407 2303 "-" "Microsoft-CryptoAPI/6.1"
TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "GET
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl HTTP/1.1" 407 1955
"-" "Microsoft-CryptoAPI/6.1" TCP_DENIED:NONE
192.168.12.23 - - [15/Mar/2016:10:32:37 +0100] "CONNECT
webgate.ec.europa.eu:443 HTTP/1.0" 200 3154 "-" "Mozilla/3.0 (compatible;
Acrobat 5.0; Windows)" TCP_MISS:DIRECT
Any idea if I can do something using squid.conf to establish connection?
Holger
PS: Using "internet at home" without squid the pdf-document works well.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-with-LDAP-authentication-bypass-selected-URLs-tp4676689.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list