[squid-users] Problem 2.5.10 ACL-s and NTLM authenticator 2. (fwd)

OK I clarify, simply if I attach piece of config files.
------------------------------------------------------------------------------
squid.conf:
# Authentication
auth_param ntlm program /usr/libexec/wb_ntlmauth
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/libexec/wb_auth
auth_param basic children 3
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type useringroup concurrency=20 %
LOGIN /usr/libexec/wb_group

acl parent_auth proxy_auth REQUIRED

acl inwwwgroup external useringroup WWWUSERS
http_access allow parent_auth inwwwgroup

# ACL reszleges tiltashoz
#
acl deny_matra_domain dstdomain .adverticum.net .mix.kepregeny.net

------------------------------------------------------
Our problems usually www.origo.hu access.
Origo contain a some advertisment. This advertisment read
from .adverticum.net site. The .adverticum site is denied.
Problems, the browser try to get user/pass with a pop-up window
since we updated squid. I click to Cancel button, advertisment instead
of Access Deny page. I type user/pass, the pop-up window show
again. Previsious version don't show a pop-up window, only access
denied messages.

I have looked the access.log, and I find some TCP_DENIED messages
to the adverticum.net.
 

"Jacob Curdes wrote":

>Pif Sap schrieb:

>We have change 2.5-stable8 to 2.5-stable10.
>
>We find a next problem:
>www.origo.hu is an Hungarian portal server. Everybody has access
this
>site. It contains a some plug adverb from adverticum.net adverb site.
>adverticum.net is deny all users.
>
>
>
(...)
Sorry, but we cannot understand your problem. Please clarify which
sites
you want access to, which sites you want blocked and where
autorisation
comes into the scene. Are we talking about autorisation agianst the
proxy (to use the internet) or about autorisation at the original site ?
Please try to be as clear as possible so that we can help you. It would
also help if you would try to write simple, but correct english. Nobody
will understand a construction like "contains a some plug adverb". I
have no idea what you are talking about at this point.

Yours,
Jakob Curdes

---------- Továbbított levél ----------
Dátum: Tue, 19 Jul 2005 12:22:40 +0200 (CEST)
Feladó: Pif Sap <pifsap@freemail.hu>
Címzett: squid-users-digest@squid-cache.org
Tárgy: Problem 2.5.10 ACL-s and NTLM authenticator

We have change 2.5-stable8 to 2.5-stable10.

We find a next problem:
www.origo.hu is an Hungarian portal server. Everybody has access this
site. It contains a some plug adverb from adverticum.net adverb site.
adverticum.net is deny all users.

Old version show "Access Deny" page instead of adverbs.

New version try to get username/password from browsers (usually IE6)
with Basic mode. Altough we use an NTLM authenticator.

I have make a debug log, but it is a big file.
Developers: maybe, we are using acl-debug mode? ;)

SMB version 2.2.8a -SUSE
Squid version 2.5-stable10

Thx

Pif

_________________________________________________________
______________
[freemail] extra 1GB-os postafiókkal, Önnek már van? http://freemail.hu

_________________________________________________________
______________
[freemail] extra 1GB-os postafiókkal, Önnek már van? http://freemail.hu
Received on Tue Jul 19 2005 - 08:22:41 MDT