Re: [squid-users] Need help in integrating squid and samba

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 09 Sep 2009 09:26:44 +0200

ons 2009-09-09 klockan 12:02 +0530 skrev Avinash Rao:

> http_access allow staffgroup
> http_access allow student staffgroup

The above is wrong.

The first directive allows everyone in staffgroup without restriction,
which means the second can not be reached. Squid uses the first
http_access line matching the request to determine if the request is
allowed or denied, any http_access rules following that is ignored.

> I am wondering if its really checking the NT group? I also tried using
> the squid_unix_group option, but the result was the same.

It most likely is, assuming you have no "proxy_auth REQUIRED" acl used
in parts of squid.conf not shown here.

> http_access deny extndeny
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> #http_access allow friends WORKING
> #http_access deny friends
> http_access deny abc
> http_access deny videos
>
> http_access deny !AuthUsers

Ok.

> http_access allow staffgroup
> http_access allow student staffgroup

See above for why this is wrong. I guess the first of the two should
go..

> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost

There is a "deny purge" rule missing here.

And the whole block should be before your custom rules (i.e. first rules
in http_access).

> #http_access allow special_urls
> #http_access deny extndeny download
> http_access deny badurl
> #http_access deny malware_block_list
> #deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list

This deny need to go before where you allow access to be effective. But
maybe it is.. Not entirely obvious to me who should get denied and who
not.

> http_access allow localhost
> http_access allow lan
> http_access deny all

Ok.

Regards
Henrik
Received on Wed Sep 09 2009 - 07:26:48 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 10 2009 - 12:00:02 MDT