KB N°1962: AUTHENTICATION POP-UP ON SOME SITES

Published November 10, 2023

Some sites open a manual identification pop-up each time you visit.

Symptom

Some sites open a manual identification pop-up each time you visit.

Context

Some sites do not use NTLM authentication, and instead use "basic" authentication. This results in a manual identification pop-up each time the user visits the site (Windows Update sites and certain sites using java applets are particularly affected). To avoid this manual authentication, it is necessary to create an Olfeo filtering exception on the HTTP proxy for a given URL or domain.

Tests

Go to the proxy configuration menu to add ACLs:

ACLs must appear in the proxy configuration file

vim /etc/squid3/squid3.conf

This gives :

dstdomain: for a domain

dst: for an IP

url_regex: for a URL

Complete list of squid directives: http: //www.squid-cache.org/Doc/config/.

To test an ACL before adding it to the webadmin, edit the proxy configuration file

The above ACL authorizes (and overrides authentication) for requests to the test123.com domain.

squid3 -k parse -f /etc/squid3/squid3.conf

If no alert appears for the ACL that has been added, it is possible to reload squid without having to restart it:

squid3 -k reconfigure -f /etc/squid3/squid3.conf

IMPORTANT: The redirector_access deny directive makes all requests for access to these sites transparent. There will be no trace of visits to these sites in the statistics.