[squid-users] permit google chrome updates
Amos Jeffries
squid3 at treenet.co.nz
Tue Mar 2 16:27:33 UTC 2021
On 3/03/21 1:59 am, jmpatagonia wrote:
> Yes the proxy have external authentication --> auth_param basic program
> /usr/lib/squid/basic_ldap_auth....
> but I receive a lot of request from users like
>
> 02/Mar/2021:12:45:02 -0300 || - || xx.xx.xx.xxxx || TCP_DENIED/407||
> CONNECT || update.googleapis.com:443 || text/html
>
> I think the users use the browser for local network services and not
> validate on proxy, but the browser (chrome) still trying to use the
> proxy for update.
>
> How can I fix this ?
>
No secure client will send login credentials unless they are actually
needed. 407 are simply a message from the proxy telling the client to
send credentials, and what type(s) to send (eg Basic).
First check that these requests are not followed almost immediately by a
second request from the client with credentials. If that is happening
there is no problem with the client.
Secondly, check if clients are having trouble logging in with correct
credentials. If they are, figure out why. It may be a problem with the
auth helper or your access controls sequence.
Amos
More information about the squid-users
mailing list