Re: [squid-users] Remote access acls

From: docdiz <prn4all_at_gmail.com>
Date: Fri, 13 Jun 2008 21:42:00 +0700

  I use simple NCSA. Then add small password file to NCSA directory.
This password file is changed EVERY day, at 08:00am and 17:00pm. User
have to call in to get the username/password of that day before
they're able to use this office's squid (another way to audit who's
working or not :-D)

# heh! this line is extract from the very old 2.0 conf
authenticate_program /usr/local/squid/bin/ncsa /usr/local/squid/etc/registered

# this two lines never change eventhough it's now 2.6
acl MEMBER proxy_auth REQUIRED
http_access deny !MEMBER

2008/6/13, ffredrixson_at_comcast.net <ffredrixson_at_comcast.net>:
>
> -------------- Original message ----------------------
> From: Amos Jeffries <squid3_at_treenet.co.nz>
> > ffredrixson_at_comcast.net wrote:
> > > I'm trying to provide an externally available proxy to our employees. This way
> > they can have the same basic protection when traveling that they get when
> > they're inside our corporate walls.
> > >
> > > What acls or rules do I need to be looking at?
> > >
> > > I'm a newbie and just trying to keep my job.
> > >
> > > Thank you in advance.
> >
> > Safest ones are auth IMO. They can use any net connection, and link in
> > through the proxy to get anywhere.
> > After the local accepts and before the global external denial.
> >
> > Amos
> > --
> > Please use Squid 2.7.STABLE2 or 3.0.STABLE6
>
>
> Thank you for your quick reply.
>
> What auth would you recommend? The powers above decided it shouldn't be Active Directory. What other auth is recommended? is there any based on a cert installed on the laptops? Or could it be cookie based? (I know it sounds like a dumb question but I know I'll be asked) Anything to avoid login and password would be great.
>
> Thank you again.
>

-- 
... Lyrics of the Forest ...
Received on Fri Jun 13 2008 - 14:42:06 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 14 2008 - 12:00:03 MDT