[squid-users] use squid for just images

[Nick Duda]

I've read about the issues with NTLM passthrough on squid. Is there any
way a client can be configured to use squid for its cached content (like
images) but go directly to a server for NTLM (nt auth)?

The scenario is that one of our branch offices has a squid cache. They
have dedicated private line circuits to the corporate office only. In
the corporate office they get internet access. All clients in the branch
office use squid as the proxy for internet traffic, but have exclusions
in the browse to not use squid for local traffic and specific servers.
We require that they use the proxy to access an internal server that is
located in our corporate office, but this server requires NT
authentication when accessing its web page.

I understand squid has an issue with this, as I've tried to get this to
work once and was even told by some of you very smart people that i was
beating a dead horse because Microsoft cant write ntml properly :) Can
squid be configured in a way that serves up images and such from this
server but does the nt auth not going through squid?

Do anyone even follow what I'm trying to say

Regards,
Nick


-
Confidentiality note
The information in this email and any attachment may contain confidential and 
proprietary information of VistaPrint and/or its affiliates and may be 
privileged or otherwise protected from disclosure. If you are not the intended 
recipient, you are hereby notified that any review, reliance or distribution by 
others or forwarding without express permission is strictly prohibited and may 
cause liability. In case you have received this message due to an error in 
transmission, please notify the sender immediately and delete this email and 
any attachment from your system.
-

Re: [squid-users] use squid for just images

[Henrik Nordstrom]

On Fri, 2006-09-01 at 09:58 -0400, Nick Duda wrote:
 I've read about the issues with NTLM passthrough on squid.

Those should be pretty much an issue of the past now with the release of
Squid-2.6 with support for NTLM passthrough. If you still have problems
with 2.6.STABLE3 please file a bug report.

An alternative which is recommended and works for all proxies is to have
the web site use https on authenticated content. https is tunneled via
the proxy, not proxied, and therefore works fine even with
non-HTTP-compliant authentication such as NTLM.

 Is there any
 way a client can be configured to use squid for its cached content (like
 images) but go directly to a server for NTLM (nt auth)?

Only by URL-based exclusions.

 I understand squid has an issue with this, as I've tried to get this to
 work once and was even told by some of you very smart people that i was
 beating a dead horse because Microsoft cant write ntml properly :)

Microsoft knows NTLM reasonably well.. it's HTTP they don't understand..

 Can
 squid be configured in a way that serves up images and such from this
 server but does the nt auth not going through squid?

Only if

a) These images can be identified by URL.

and

b) Access to these images does not require authentication.


For 'a' use a pac file which gives your detailed control of what URLs to
proxy or not..


But as I said above: With Squid-2.6 it should just work.

Regards
Henrik