Hello group,
For security reasons we want a proxy outside a company's network to be the only
one bypassing the firewall to an internal webserver.
This proxy should do a first authentication (I tried ncsa_auth but it will be
LDAP) and, after a user has been authenticated, proxy his/her request to the
real destination server.
I built Squid:
Squid Cache: Version 2.5.STABLE1-20021114
configure options: --prefix=/usr/local/squid --enable-basic-auth-helpers=NCSA
created a squid.conf:
cache_effective_user squid
http_port 80
visible_hostname thomas.intern.cosifan.de
httpd_accel_host www.cosifan.de
httpd_accel_port 80
#httpd_accel_with_proxy on
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid at Toms Linux
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#acl xauth src 0.0.0.0/0.0.0.0
acl xauth proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 1025-65535
http_access allow xauth
icp_access allow all
miss_access allow all
and a passwd file.
But when trying to log on I get:
aclAuthenticated: authentication not applicable on accelerated requests.
in /var/log/messages
Is what I want impossible with squid, or is there any possibility to force
squid to do what I want?
best regards
Kind regards
Thomas Hänig
CosiFan Computersysteme GmbH
Received on Thu Nov 14 2002 - 01:56:11 MST
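
The combination that produces the log message quoted in the post can be caught before deployment with a static check of squid.conf. The following Python is an added example, not part of the original post and not Squid code: it flags http_access rules that reference a proxy_auth ACL while httpd_accel_host is set. The function names are hypothetical, the embedded config is an excerpt of the posted squid.conf, and treating the presence of httpd_accel_host as "accelerated requests" is an assumption.

```python
# Added example: static check for the accelerator/proxy_auth conflict.
# SAMPLE_CONF is an excerpt of the squid.conf posted above.
SAMPLE_CONF = """\
http_port 80
httpd_accel_host www.cosifan.de
httpd_accel_port 80
#httpd_accel_with_proxy on
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
acl xauth proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow xauth
"""


def parse(conf_text):
    """Return (lineno, directive, args) for every non-comment, non-blank line."""
    directives = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives.append((lineno, parts[0], parts[1:]))
    return directives


def find_accel_auth_conflicts(conf_text):
    """List (lineno, action, acl_name) for http_access rules that use a
    proxy_auth ACL while httpd_accel_host is set (assumed here to mean
    the request is handled as an accelerated request)."""
    directives = parse(conf_text)
    if not any(name == "httpd_accel_host" for _, name, _ in directives):
        return []
    auth_acls = {args[0] for _, name, args in directives
                 if name == "acl" and len(args) >= 2 and args[1] == "proxy_auth"}
    findings = []
    for lineno, name, args in directives:
        if name != "http_access" or len(args) < 2:
            continue
        for acl in args[1:]:
            if acl.lstrip("!") in auth_acls:
                findings.append((lineno, args[0], acl.lstrip("!")))
    return findings


if __name__ == "__main__":
    for lineno, action, acl in find_accel_auth_conflicts(SAMPLE_CONF):
        print(f"line {lineno}: http_access {action} uses proxy_auth acl "
              f"'{acl}' but httpd_accel_host is set")
```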