hehe. yep i mean basic. sorry. ta for tcpdump.
interesting idea. i might put basic first and see if IE takes the best option, not the last option in the list (if it makes a diference that is) and then see if adobe takes the basic option. then i'll be set. i'll follow it up with adobe anyway. what's a pain is i probably have to go and find the license numbers and reg info just to log a bug. <sigh> these closed source companies, i ask you. thanks Matt -----Original Message----- From: Robert Collins [mailto:[EMAIL PROTECTED] Sent: Friday, 11 July 2003 11:55 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] ACL Regex Browser - for Adobe Web capture? On Fri, 2003-07-11 at 12:03, [EMAIL PROTECTED] wrote: > Hi Robert, > > >you can simply allow adobe based on a browser regex before your auth > >triggering http_access lines. > > that's what i'm hoping to do to get around this problem. have you managed > to do this? i've not experimented yet as i didn't know what adobe tells > squid what browser it is. i'm going to tcpdump eventually and see if i can > figure it out. Yup. tcpdump -s 1500 -X port 8080 host <srcip you are testing from> that should do it for you. > >As far as the adobe tool working with plain, not when NTLM is enabled, > >that smells like a bug - RFC 2617 specifies that user agents should > >select the -best supported- auth scheme offered by the proxy - and as > >you have plain enabled, adobe should select that and use it. > > just plain works with adobe. ntlm doesn't. and ntlm first and plain second > doesn't. sad that. Uhm 'plain'? I presume you are referring to 'basic' - there is no such scheme as plain. > i'm guessing that adobe is selecting the best supported one which is ntlm > and failing because it doesn't like it. it's version 5 of pdf which isn't > the latest (6 is out). Thats the point - if it doesn't like NTLM, it shouldn't select it according to the RFC. This is grounds for a bug report to the vendor - adobe- IMO. I was giving you the description, to help you make the case to them :}. Anecdotally MSIE has(perhaps had - I haven't tested for a while) a bug that it always chooses the first offered scheme, even if it is less secure than others in the list. Rob -- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.