Finally figured this one out and wanted to share...
We block all outbound 80 traffic not coming from squid
(and the server vlan.. ok, and the admin vlan ;-).
When you type in mail.yahoo.com, you actually get
redirected to login.yahoo.akadns.net. Going through
squid w/ntlm, this works just fine on firefox. With
IE, it doesn't work. We have to allow port 80 traffic
to akadns.net subnets on our pix. I have ethereal
traces and they are actually different from firefox to
IE.
We even have all yahoo.com and akadns.net as
dstdomains.. and before the http_access for the
NTLM... still doesn't work with IE. The minute we
take the port 80 outbound block off our pix, it works
just fine.

# ACL definitions
acl yahoo_mail dstdomain .yahoo.com
acl akadns_net dstdomain .akadns.net
acl NTLMUsers proxy_auth REQUIRED
acl our_networks src 192.168.0.0/16

# Access rules, in order: the two dstdomain rules sit before the NTLM rule
http_access allow yahoo_mail
http_access allow akadns_net
http_access allow all NTLMUsers
http_access allow our_networks
http_access allow localhost

Just thought I would share our frustrations...
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
Received on Fri Mar 10 2006 - 08:08:37 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST
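
An added example, not part of the original post and not Squid's own code: a small Python model of first-match http_access evaluation applied to the rules quoted above, showing which line a request for each host lands on and where a 407 challenge would be issued. The `all` and `localhost` definitions, the client address and the user name are assumptions.

```python
import ipaddress

# Constructed model of the ACLs and http_access lines in the post, in order.
# ACLs on one line are ANDed; the first line that matches decides.
ACLS = {
    "yahoo_mail": ("dstdomain", ".yahoo.com"),
    "akadns_net": ("dstdomain", ".akadns.net"),
    "NTLMUsers": ("proxy_auth", "REQUIRED"),
    "our_networks": ("src", "192.168.0.0/16"),
    "all": ("src", "0.0.0.0/0"),           # assumed: stock squid.conf definition
    "localhost": ("src", "127.0.0.1/32"),  # assumed: stock squid.conf definition
}
RULES = [["yahoo_mail"], ["akadns_net"], ["all", "NTLMUsers"],
         ["our_networks"], ["localhost"]]


def dstdomain_match(pattern, host):
    """A leading dot matches the domain itself and any subdomain."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def evaluate(host, client_ip, user=None):
    """Return (verdict, rule) for the first http_access line that matches."""
    for rule in RULES:
        matched = True
        for name in rule:
            kind, arg = ACLS[name]
            if kind == "dstdomain":
                ok = dstdomain_match(arg, host)
            elif kind == "src":
                ok = ipaddress.ip_address(client_ip) in ipaddress.ip_network(arg)
            else:
                # proxy_auth reached with no credentials: the proxy answers 407
                if user is None:
                    return "407 challenge", rule
                ok = True
            if not ok:
                matched = False
                break
        if matched:
            return "allow", rule
    # No line matched: the opposite of the last line (allow) applies, i.e. deny
    return "deny", None
```

Calling `evaluate("login.yahoo.akadns.net", "192.168.1.10")` reports the line that decides the request; this only models requests that actually reach the proxy.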