Excellent Amos! I have to admit that I was approaching that conclusion. I did exactly as you told me and problem solved. I will consider your recommendations when I need to add more rules. Best regards!
Gabriel El lun., 1 de oct. de 2018 a la(s) 18:04, Amos Jeffries ( squ...@treenet.co.nz) escribió: > On 2/10/18 9:28 AM, neok wrote: > > As far as I know, nothing's changed. The only thing that could have > happened > > is that Chrome was updated. I'm reviewing that. > > > > This say Firefox when try acces to denied site: > > The proxy server is refusing connections. > > Firefox is configured to use a proxy server that is refusing connections. > > > > As you an see from the access.log Squid is presenting 407 auth > challenged in response to these CONNECT requests. > > It is welcome news to hear Chrome is finally been fixed to actually > perform authentication for CONNECT tunnels. While it may have been okay > with you the previous behaviour is actually a long-standing Browser bug > and violation of HTTP on their part. > > > > > On 2/10/18 8:53 AM, neok wrote: > > > > Now Chrome shows me the login window every time I visit a denied site. > > I suspect Chrome has been updated and changed its behavior. I'm currently > > studying that possibility. > > I'm also rethinking whether the way I'm denying sites is the right one. > > ... > > > > http_access allow WEB_ACCESS_YT_ONLY LS_youtube > > http_access deny WEB_ACCESS_YT_ONLY > > The "deny WEB_ACCESS_YT_ONLY" line is triggering the re-authentication. > > When the reason for denial is due to credentials (ie %LOGIN for the > external ACL evaluation) a 407 authentication challenge is produced. > > Notice that in the config I helped you develop a few days ago all the > other uses of these external ACL tests for "deny" action are followed by > another ACL test that is unrelated to the auth process. Usually a regex > or dstdomain check. It is these other ACL checks which prevent any of > those lines triggering similar auth challenges as they deny traffic. > > > Since the next thing your config is doing is a "deny all" you can remove > this "deny WEB_ACCESS_YT_ONLY" line entirely and the popups should > disappear while still having that traffic denied. > > > If you have other config policies to be added later there are some other > things you can do. But those will depend on what the other policies are > going to require, so I wont cover it now. Just be aware you may have to > revisit that YT access rule when adding other policies. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
