Re: [squid-users] Can't see usernames in logs after enabling NTLM

From: Oliver Hookins <ohookins@dont-contact.us>
Date: Mon, 07 Feb 2005 12:50:55 +1100

Henrik Nordstrom wrote:
> On Fri, 4 Feb 2005, Oliver Hookins wrote:
>
>> and then later on:
>>
>> acl password proxy_auth REQUIRED
>
>
> Have you also defined the required http_access rule using the password acl?

On my 2.5STABLE3 box I didn't explicitly have an http_access rule
referring to the proxy_auth ACL. I had one referring to the squid_ldap_group
helper ACL though, and that seemed to work. Anyway, here's the list of
ACLs and http_access lines, so maybe you can see what I'm doing wrong on
the 2.5STABLE7 box:

# NOTE(review): "password" is the only proxy_auth ACL in this listing, and
# none of the http_access lines further down refers to it. Defining an ACL
# does not enforce it; only an http_access rule that names it does.
acl password proxy_auth REQUIRED

#Recommended minimum configuration:
# Matches every source address; used by the final "http_access deny all".
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object protocol) and the loopback source
# that is allowed to make them.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Destinations on the proxy host itself. The only rule that uses this ACL
# ("http_access deny to_localhost") is commented out in this config.
acl to_localhost dst 127.0.0.0/8
# Ports that CONNECT tunnels may target (see "http_access deny CONNECT !SSL_ports").
acl SSL_ports port 443 563
# Ports that any request may target (see "http_access deny !Safe_ports").
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# NOTE(review): our_network is defined but not used by any http_access rule
# shown in this message, so none of the allow rules is limited to internal
# clients by this ACL.
acl our_network src 192.168.0.0/255.255.252.0

##################################################
# SURFING: individual client machines, matched by source IP address only.
# NOTE(review): a src match identifies a machine, not a user. Requests that
# are allowed by "http_access allow SURFING" are accepted without the proxy
# asking for credentials, so they are not expected to carry a username in
# the access log.
acl SURFING src 192.168.0.2
acl SURFING src 192.168.0.3
acl SURFING src 192.168.0.5
acl SURFING src 192.168.0.6
acl SURFING src 192.168.0.7
acl SURFING src 192.168.0.42
acl SURFING src 192.168.0.4
acl SURFING src 192.168.0.65
acl SURFING src 192.168.0.66
acl SURFING src 192.168.0.67
acl SURFING src 192.168.0.70
acl SURFING src 192.168.0.73
acl SURFING src 192.168.0.79
acl SURFING src 192.168.0.85
acl SURFING src 192.168.0.87
acl SURFING src 192.168.0.89
acl SURFING src 192.168.0.100
acl SURFING src 192.168.0.101
acl SURFING src 192.168.0.105
acl SURFING src 192.168.0.106
acl SURFING src 192.168.0.111
acl SURFING src 192.168.0.115
acl SURFING src 192.168.0.116
acl SURFING src 192.168.0.119
acl SURFING src 192.168.0.122
acl SURFING src 192.168.0.126
acl SURFING src 192.168.0.128
acl SURFING src 192.168.0.129
acl SURFING src 192.168.0.141
acl SURFING src 192.168.0.145
acl SURFING src 192.168.0.148
acl SURFING src 192.168.0.149
acl SURFING src 192.168.0.108
acl SURFING src 192.168.0.107
acl SURFING src 192.168.0.112
acl SURFING src 192.168.0.103
acl SURFING src 192.168.0.182
acl SURFING src 192.168.0.113
acl SURFING src 192.168.0.117
acl SURFING src 192.168.0.157
acl SURFING src 192.168.0.161
acl SURFING src 192.168.0.162
acl SURFING src 192.168.0.183
acl SURFING src 192.168.0.200
acl SURFING src 192.168.0.214
acl SURFING src 192.168.0.124
acl SURFING src 192.168.0.249
acl SURFING src 192.168.0.248
acl SURFING src 192.168.0.153

##################################################
# allowedsites: destination domains; the leading dot matches the domain
# itself and all of its subdomains.
# NOTE(review): "http_access allow allowedsites" applies to every client,
# with no source or login condition, so each entry here is reachable through
# the proxy by anyone who can connect to it. Wide suffixes such as .gov.au,
# .edu.au and .akamai.net cover many unrelated hosts; worth confirming that
# this breadth is intended.
# General Sites
acl allowedsites dstdomain .whitepages.com.au
acl allowedsites dstdomain .whereis.com.au
acl allowedsites dstdomain .gov.au
acl allowedsites dstdomain .edu.au
# IT Sites
acl allowedsites dstdomain .symantec.com
acl allowedsites dstdomain .symantec.com.au
acl allowedsites dstdomain .canon.com
acl allowedsites dstdomain .canon.com.au
acl allowedsites dstdomain .microsoft.com
acl allowedsites dstdomain .windowsupdate.com
acl allowedsites dstdomain .akamai.net
acl allowedsites dstdomain .symantecliveupdate.com
acl allowedsites dstdomain .adobe.com
acl allowedsites dstdomain .practicallynetworked.com
acl allowedsites dstdomain .ntfaq.com
acl allowedsites dstdomain .fixmypcasap.com
acl allowedsites dstdomain .drivers.com
acl allowedsites dstdomain .netgear.com
acl allowedsites dstdomain .driverguide.com
acl allowedsites dstdomain .papwalker.com
acl allowedsites dstdomain .pap.homeftp.net
acl allowedsites dstdomain .bmsltd.co.uk
acl allowedsites dstdomain .sysinternals.com
acl allowedsites dstdomain .mvps.org
acl allowedsites dstdomain .sun.com
acl allowedsites dstdomain .hillstouch.com
# Account Sites
acl allowedsites dstdomain .myob.com.au
acl allowedsites dstdomain .ioof.com.au
acl allowedsites dstdomain .superchoice.com.au
acl allowedsites dstdomain .super.com

# AuthGroup: external ACL of type "ldap_group", passed the group name
# gOpenProxy. The matching external_acl_type definition is not included in
# this message.
# NOTE(review): whether evaluating this ACL makes Squid ask for credentials
# depends on that definition (for example, a %LOGIN format) - confirm
# against the full squid.conf.
acl AuthGroup external ldap_group gOpenProxy

#Recommended minimum configuration:
#
# http_access rules are checked from top to bottom; the first rule whose
# ACLs all match decides the request and the remaining rules are not evaluated.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the recommended rule is still commented out here, so requests
# through the proxy to 127.0.0.0/8 are not blocked by this config.
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# NOTE(review): the next three rules allow a request on destination domain
# or source address alone. They are matched before any login-related ACL is
# evaluated, so Squid has no reason to challenge the client, and such
# requests would be logged without a username. allowedsites also has no
# source restriction, so it applies to any client that can reach the proxy.
# If every request should be attributed to a user, an authentication
# requirement has to be evaluated before these allows.
http_access allow allowedsites
http_access allow localhost
http_access allow SURFING
#
# Only requests that fall through to this point are checked against the
# LDAP group. The "password" proxy_auth ACL defined earlier is not
# referenced by any rule in this list.
http_access allow AuthGroup
#

# Default: refuse everything that no rule above allowed.
http_access deny all

------------------

Thanks heaps,
Oliver
Received on Sun Feb 06 2005 - 18:51:04 MST
