[squid-users] ACL - transparent proxy and authentication

From: Terry Davis <tdavis@dont-contact.us>
Date: Thu, 07 Feb 2002 18:50:08 -0600

Hello,

I now configured a transparent proxy but I lost all my authentication stuff.

Here are my ACLs:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl auth0 proxy_auth REQUIRED
acl exe-filter urlpath_regex -i \.exe$ \.ade$ \.app$ \.bas$ \.bat$
\.bin$ \.chm$ \.cmd$ \.cpl$ \.crt$ \.dev$ \.fon$ \.hlp$ \.hta$ \.inf$
\.ins$ \.isp$ \.jse$ \.lnk$ \.mde$ \.mdc$ \.msi$ \.msp$ \.mst$ \.pcd$
\.pif$ \.qlb$ \.ovl$ \.ovr$ \.scr$ \.sct$ \.shb$ \.shs$ \.sys$ \.vb$
\.vbe$ \.vbs$ \.vxd$ \.wk4$ \.wsc$ \.wsf$ \.wsh$ \.xtp$ \.reg$ \.ini$ \.wk4$
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny exe-filter
http_access allow auth0
http_access deny CONNECT !SSL_ports

authenticate_program /usr/local/squid/bin/pam_auth

The transparent proxy works great. The auth is not.

Any ideas?

-- 
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com
Received on Thu Feb 07 2002 - 17:50:06 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:12 MST