always_direct

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

always_direct

Jason Neurohr
Hello.

I've added an always_direct to my squid config, and run a squid -k reconfigure. It doesn't seem to have taken any effect. Is there anything else I need to do before it will take effect?

Cheers Jason

http://forum.networkfu.org


Reply | Threaded
Open this post in threaded view
|

Re: always_direct

Henrik Nordström
tor 2007-06-07 klockan 16:14 +1000 skrev Jason Neurohr:
> Hello.
>
> I've added an always_direct to my squid config, and run a squid -k
> reconfigure. It doesn't seem to have taken any effect. Is there
> anything else I need to do before it will take effect?

What effect are you looking for?

always_direct tells Squid that it must fetch the request directly, not
using any cache_peer.

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

FW: always_direct

Jason Neurohr
In reply to this post by Jason Neurohr
Sorry, I should have been more clear. So basically I have a website which i dont want squid to proxy. This is because the website requires the user to authenticate with NTLM (IIS Intergrated Security). As squid can't pass the authentication traffic, (accoring to some sources i've read) it instantly returns a 401.2 Unauthorized message.

________________________________________
From: Henrik Nordstrom [[hidden email]]
Sent: Thursday, June 07, 2007 11:13 PM
To: Jason Neurohr
Cc: [hidden email]
Subject: Re: [squid-users] always_direct

tor 2007-06-07 klockan 16:14 +1000 skrev Jason Neurohr:
> Hello.
>
> I've added an always_direct to my squid config, and run a squid -k
> reconfigure. It doesn't seem to have taken any effect. Is there
> anything else I need to do before it will take effect?

What effect are you looking for?

always_direct tells Squid that it must fetch the request directly, not
using any cache_peer.

Regards
Henrik
Reply | Threaded
Open this post in threaded view
|

Re: FW: always_direct

lucas coudures
look this http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?highlight=%28%5EConfigExamples/%5B%5E/%5D%2A%24%29
is about windows ntml authentication


--
Lucas Coudures

Registered Linux User #442566
Blog: http://lucas-coudures.blogspot.com/
Jabber: [hidden email]
-------------------------------------------------------------------------------------------------------------------------------------
Este mensaje no contiene virus, debido a que todo su contenido se ha
generado bajo Linux.

Dead is a matter of definition. Free software only dies when the last
copy of the source code is erased.
Reply | Threaded
Open this post in threaded view
|

Re: FW: always_direct

Chris Robertson-2
In reply to this post by Jason Neurohr
Jason Neurohr wrote:
> Sorry, I should have been more clear. So basically I have a website which i dont want squid to proxy. This is because the website requires the user to authenticate with NTLM (IIS Intergrated Security). As squid can't pass the authentication traffic, (accoring to some sources i've read) it instantly returns a 401.2 Unauthorized message.

Please don't post your replies to the top of the message.  It makes the
archives hard to read.

Squid 2.6 can proxy NTLM authentication.  There is no way for Squid to
bypass itself.  If you don't want to use Squid for accessing a site, you
are going to have to specify that outside of your Squid configuration
(in a proxy.pac or the browser's proxy settings, etc.).

Chris
Reply | Threaded
Open this post in threaded view
|

Re: FW: always_direct

lucas coudures
2007/6/8, Chris Robertson <[hidden email]>:

> Jason Neurohr wrote:
> > Sorry, I should have been more clear. So basically I have a website which i dont want squid to proxy. This is because the website requires the user to authenticate with NTLM (IIS Intergrated Security). As squid can't pass the authentication traffic, (accoring to some sources i've read) it instantly returns a 401.2 Unauthorized message.
>
> Please don't post your replies to the top of the message.  It makes the
> archives hard to read.
>
> Squid 2.6 can proxy NTLM authentication.  There is no way for Squid to
> bypass itself.  If you don't want to use Squid for accessing a site, you
> are going to have to specify that outside of your Squid configuration
> (in a proxy.pac or the browser's proxy settings, etc.).
>
> Chris
>

sorry =)

--
Lucas Coudures

Registered Linux User #442566
Blog: http://lucas-coudures.blogspot.com/
Jabber: [hidden email]
-------------------------------------------------------------------------------------------------------------------------------------
Este mensaje no contiene virus, debido a que todo su contenido se ha
generado bajo Linux.

Dead is a matter of definition. Free software only dies when the last
copy of the source code is erased.
Reply | Threaded
Open this post in threaded view
|

RE: always_direct

Henrik Nordström
In reply to this post by Henrik Nordström
fre 2007-06-08 klockan 10:12 +1000 skrev Jason Neurohr:
> Sorry, I should have been more clear. So basically I have a website
> which i dont want squid to proxy. This is because the website requires
> the user to authenticate with NTLM (IIS Intergrated Security). As
> squid can't pass the authentication traffic, (accoring to some sources
> i've read) it instantly returns a 401.2 Unauthorized message.

This needs to be told to the browser, not Squid. When the request has
already been sent to Squid it's too late to not use the proxy.

Open the proxy settings in your browser, and fill in the no-proxy field.

But accessing NTLM protected resources should work via Squid-2.6.

Regards
Henrik

signature.asc (316 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: FW: always_direct

Adrian Chadd
In reply to this post by Chris Robertson-2
On Fri, Jun 08, 2007, Chris Robertson wrote:

> Squid 2.6 can proxy NTLM authentication.  There is no way for Squid to
> bypass itself.  If you don't want to use Squid for accessing a site, you
> are going to have to specify that outside of your Squid configuration
> (in a proxy.pac or the browser's proxy settings, etc.).

Strictly speaking there's a well-known hack available to do that, at
least for transparent interception mode.

Ie:

* You have a list of hostnames and/or IPs which are "direct";
* Squid would be modified to listen for requests for those sites,
  issue a temporary redirect back to the same URL (so the UA retries
  the request), and installs a temporary ip filtering rule to bypass
  Squid on further requests to that IP address
* Rule times out after a while

(No, I didn't come up with that. :)

Who wants a simple project? :)




Adrian