On Wed, 6 Oct 2004, Adam Pearse wrote:
"You may have to use this registry key if you connect by using a proxy server that is handling secure and non-secure requests on the same server. One example of this behavior is the SQUID Proxy Server software. Because Internet Explorer typically caches port information, it may not send a secure request over the correct port number when it tries to send secure and non-secure responses to the same server, but on different port numbers."
So finally Microsoft managed to exacly replicate an old Netscape Navigator bug?
There is the notable bug in current versions of MSIE that it completely forgets to set up the SSL if the proxy requires authentication..
It seems that for every new patchlevel of MSIE 6 they manage to break the HTTP protocol parts even worse. Can not say I am impressed with their MSIE quality controls in the recent years..
Anyway, as always there is workarounds.
To work around the specific problem described above configure your Squid with two http_port directives, one for "normal proxy" and the other for "secure proxy", and configure your browser accordingly (click on the "Advanced" proxy settings if your MSIE version only have a single proxy field).
For the problem of Windows Update not supporting NTLM authentication you need to add
acl windowsupdate dstdomain .windowsupdate.microsoft.com http_access allow windowsupdate myclients
before where you require authentication in your list of http_access rules.
add whatever other domains they are using at the moment to the windowsupdate acl.
myclients is assumed to be an acl matching the range of acceptable client station IP addresses.
Regards Henrik
