Re: [squid-users] Re: Conf squid cache [

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 07 Jul 2010 00:50:19 +1200

squidACL wrote:
> my proxy working very well but after the update i have this probleme my squid
> conf:
>
<snip>
>
> acl ntlm proxy_auth REQUIRED
>
<snip>
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>
<snip>
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>

<paste>
http_access deny reefer
http_access deny gate1
http_access deny gate2
http_access deny GATE
</paste>

or even this instead of the above four lines:

  acl gates src 10.60.3.61 10.60.3.72 10.60.3.73 10.60.3.86
  http_access deny gates

> http_access allow localnet
>
> http_access allow localhost

<paste>
http_access allow ntlm
</paste>

> http_access deny all
>
> <snip>
>
> the people that are in our domaine they don't need to use the login and
> password just the people that come from outside
>
> I use squid/3.0.STABLE20
>
> Thank you
>

The http_access rules are processed top-down.

The first thing you do is to deny the "gate"* machines access. The
second is you require everybody else to authenticate.

Please define "our domaine".

  If you mean by that the users in the local authentication domain. Then
no in order identify them they MUST be logged in first.

  If you mean machines on the local network IP ranges, then you need to
adjust your http_access logics to specify that condition. See my pastes
above.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.5
Received on Tue Jul 06 2010 - 12:50:29 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 06 2010 - 12:00:02 MDT