Werner Opriel wrote:
> Am Sonntag, 11. Juli 2010 schrieb Amos Jeffries:
>> Werner Opriel wrote:
>>> We are using a debian-Package of Squid 2.7 Stable3 on a Debian Lenny
>>> machine with ncsa-auth configured, acting as a central Internet-Proxy.
>>>
>>> All Users/Passwords are stored in /etc/squid/passwd on localhost and only
>>> authenticated users are allowed to surf on sites outside the intranet.
>>> There are no problems with authentication so far.
>>>
>>> But we have a problem playing videos from the side http://www.wdr.de,
>>> they do provide media-streams based on flash, for example:
>>> http://www.wdr.de/mediathek/html/regional/2009/07/30/aktuelle-stunde-kuen
>>> digung.xml
>>>
>>> Those pages can be accessed without problems and the starting picture of
>>> the video is displayed. When we try to play the video we are receiving
>>> "network error" and "file not found" within the flasharea-window after a
>>> few seconds. There is no problem playing an audio stream from this site
>>> or flash-videos for example from youtube.com or golem.de
>>>
>>> Our Clients, always with flashplugin installed:
>>> Firefox 3.5 (Win), Firefox 3.6 (Linux) and Chrome (Linux) .
>>>
>>> In the access.log we can see an authenticated user "test" surfin on
>>> www.wdr.de.
>>> When starting the video it would seem that he lost his authentication
>>> information and then ends in tcp-denied/407.
>>> When disabling NCSA-AUTH in squid, we can play the videos without any
>>> problems.
>> <snip>
>>
>> It's clear the flash player is making it's own background HTTP requests
>> and not sending credentials. This is a flash player problem.
>>
>> You have a choice of putting up with it or letting the player through
>> your Squid without authentication. The headers you log show a few things
>> like User-Agent, source website and Content-Type you could match on to
>> identify its requests.
>
> Thanks Amos.
> But can you give me a hint how i have to configure squid for letting the
> flashplayer through it without authentication?
Already did. The third sentence I wrote says "The headers you log show a
few things like ... you could match on".
http://www.squid-cache.org/Doc/config/acl/ see req_header ACL type.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.5Received on Mon Jul 12 2010 - 05:00:25 MDT
This archive was generated by hypermail 2.2.0 : Mon Jul 12 2010 - 12:00:04 MDT