Problem:
If you try to reach an “allowed” website you repeatly get a logon request at the proxy in firefox, anyway.
Investigation:
- If you have a parent proxy, check if reloaded pages are allowed.
- Check if you have more than one interface defined and both are configured in DNS. If not you may disable the not used one.
ucr set samba/register/exclude/interfaces='docker0 eth1'
- You should also check the proxy entry in firefox. If you have enabled kerberos with proxy, the entry has to be the FQDN of the proxy and must not an IP address.
Solution:
The problem is that Firefox wants to have proxy access for all reloaded pages, which are partially blocked.
The problem is that both the Kerberos ticket request generates a “407”, and the ban from Squidguard returns a “407”, but with a slightly different header. Other browsers like IE can handle this better than Firefox
You can use ublock origin as addon for firefox. This tool bloks reloaded sites, so squidguard does not feel responsible