Re: [squid-users] ntlm_auth & Windows Update

From: Daniel Halbe <daniel@dont-contact.us>
Date: Tue, 11 Oct 2005 11:13:41 +0100 (IST)

Am Oct 11, 2005 09:56 AM schrieb Stefano Mason
<stefano.mason@t-systems.it>:

>Daniel Halbe wrote:
>
>>########### squid.conf ###################
>>client_netmask 255.255.255.0
>>dns_nameservers XXX.YYY.172.3
>>auth_param ntlm program /usr/bin/ntlm_auth
>>--helper-protocol=squid-2.5-ntlmssp
>>auth_param ntlm children 15
>>auth_param ntlm max_challenge_reuses 0
>>auth_param ntlm max_challenge_lifetime 2 minutes
>>auth_param basic program /usr/bin/ntlm_auth
>>--helper-protocol=squid-2.5-basic
>>auth_param basic children 5
>>auth_param basic credentialsttl 5 hours
>>acl all src 0.0.0.0/0.0.0.0
>>acl manager proto cache_object
>>acl localhost src 127.0.0.1/255.255.255.255
>>acl to_localhost dst 127.0.0.0/8
>>acl SSL_ports port 443 563 # https, snews
>>acl SSL_ports port 873 # rsync
>>acl Safe_ports port 80 # http
>>acl Safe_ports port 21 # ftp
>>acl Safe_ports port 443 563 # https, snews
>>acl Safe_ports port 70 # gopher
>>acl Safe_ports port 210 # wais
>>acl Safe_ports port 1025-65535 # unregistered ports
>>acl Safe_ports port 280 # http-mgmt
>>acl Safe_ports port 488 # gss-http
>>acl Safe_ports port 591 # filemaker
>>acl Safe_ports port 777 # multiling http
>>acl Safe_ports port 631 # cups
>>acl Safe_ports port 873 # rsync
>>acl Safe_ports port 901 # SWAT
>>acl QUERY urlpath_regex cgi-bin ?
>>acl purge method PURGE
>>acl CONNECT method CONNECT
>>acl NTLMUsers proxy_auth REQUIRED
>>acl winupdate dstdomain .microsoft.com .windowsupdate.com
>>acl ftp proto FTP
>>no_cache deny winupdate
>
>>http_access allow all NTLMUsers
>
>move up> http_access allow winupdate
>
>>always_direct allow ftp
>
>remove > always_direct allow winupdate
>
>>no_cache deny QUERY
>>http_access deny all
>>http_reply_access allow all
>>icp_access deny all
>>cache_mgr root
>>dns_testnames heise.de google.de denic.de internic.net
>>######################################
>>
>
>Bye
>Stefano

Hi Stefano,

thank you for fast answering - you solved the problem :-)

Daniel
Received on Tue Oct 11 2005 - 04:13:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST