[squid-users] permit google chrome updates

Amos Jeffries squid3 at treenet.co.nz
Tue Mar 2 16:27:33 UTC 2021

On 3/03/21 1:59 am, jmpatagonia wrote:
> Yes the proxy have external authentication --> auth_param basic program 
> /usr/lib/squid/basic_ldap_auth....
> but I receive a lot of request from users like
> 02/Mar/2021:12:45:02 -0300 || - || xx.xx.xx.xxxx || TCP_DENIED/407|| 
> CONNECT || update.googleapis.com:443 || text/html
> I think the users use the browser for local network services and not 
> validate on proxy, but the browser (chrome) still trying to use the 
> proxy for update.
> How can I fix this ?

No secure client will send login credentials unless they are actually 
needed. 407 are simply a message from the proxy telling the client to 
send credentials, and what type(s) to send (eg Basic).

First check that these requests are not followed almost immediately by a 
second request from the client with credentials. If that is happening 
there is no problem with the client.

Secondly, check if clients are having trouble logging in with correct 
credentials. If they are, figure out why. It may be a problem with the 
auth helper or your access controls sequence.


More information about the squid-users mailing list