Re: [squid-users] Squid and Firewall rules

From: Henrik Nordstrom <[email protected]>
Date: Mon, 1 Mar 2004 12:56:58 +0100 (CET)

On Mon, 1 Mar 2004, GG BB wrote:

> But with this rule in, I get that all users, even if
> they don't set their Browsers to use a Proxy, can surf
> the WEB without being authenticated by Squid, but
> passing through the Proxy anyway (in fact I can see
> them on my Access.log file)

This is most likely due to the fact that you can not combine
authentication and transparent interception. For proxy authentication to
be used the browser MUST be configured to use a proxy.

You should notice this by quite massive complaints in cache.log if there
are users who do not have their proxy settings in the browser.

> ## HTTP_ ACCESS SETTINGS
>
> http_access deny to_localhost
> http_access deny !mylan
> http_access allow myPwd
> http_access allow mylan
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all

The above should read

http_access allow manager localhost
http_access deny manager
http_access deny !mylan
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow myPwd mylan
http_access deny all

For details on how http_access works see the Squid FAQ chapter 10 Access
Controls. <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html>

Regards
Henrik
Received on Mon Mar 01 2004 - 05:40:55 MST
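
Added example, not part of Henrik's message: a small Python model of first-match http_access evaluation that runs the two orderings above against constructed requests. Each request is reduced to the set of ACL names it satisfies (an assumption, since the acl definitions are not in the thread), and myPwd is modelled as simply not matching when no credentials are sent.

```python
ORIGINAL = """\
http_access deny to_localhost
http_access deny !mylan
http_access allow myPwd
http_access allow mylan
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""
CORRECTED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !mylan
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow myPwd mylan
http_access deny all
"""

def parse(conf):
    lines = (l.split() for l in conf.splitlines())
    return [(p[1], p[2:]) for p in lines if len(p) >= 3 and p[0] == "http_access"]

def decide(rules, matched):
    # The first line whose ACLs ALL match decides; "!" negates one ACL.
    matched = set(matched) | {"all"}
    for n, (action, acls) in enumerate(rules, 1):
        if all((a.lstrip("!") in matched) != a.startswith("!") for a in acls):
            return action, n
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), 0

# Constructed requests: the set of ACL names each one satisfies (assumed).
CASES = {
    "LAN client, no credentials": {"mylan", "Safe_ports"},
    "LAN client, authenticated": {"mylan", "myPwd", "Safe_ports"},
    "authenticated, port not in Safe_ports": {"mylan", "myPwd"},
    "cache manager request from LAN host": {"mylan", "manager", "Safe_ports"},
}

def compare():
    o, c = parse(ORIGINAL), parse(CORRECTED)
    return {name: (decide(o, m), decide(c, m)) for name, m in CASES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:40} original={before} corrected={after}")
```

In this model the original ordering allows the uncredentialed LAN request at its fourth line (allow mylan), while the corrected ordering falls through to deny all. The original allow lines also sit ahead of the manager, Safe_ports and CONNECT denies, so those denies are never reached for LAN clients.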
