Well.. unless you have removed the default rules shipped in the default
squid.conf then '2' should be in effect.
See your http_access rules.
As for 1, you simply need to set up authentication and then restrict
access in http_access to deny users not logged in from using CONNECT
acl authenticated proxy_auth REQUIRED
http_access deny CONNECT !authenticated
Change the "authenticated" ACL as desired if you want to put additional
restrictions on who may use CONNECT.
Regards
Henrik
mån 2002-11-11 klockan 09.39 skrev George J. Jahchan, Eng.:
> Henrik,
>
> I need to prevent users from tunneling MSN & Yahoo Messengers (+ others) through squid, without resorting to clumsy URL blocking. I am thinking of three possible scenarios (ordered by decreasing desirability):
>
> 1) Authentication for CONNECT method: users cannot use the CONNECT method until explicitly authenticated to access the CONNECT method.
> 2) Disable the CONNECT method for everything but SSL traffic.
> 3) Disable the CONNECT method altogether.
>
> Are any of the above scenarios possible in current or forthcoming versions of Squid?
>
> TIA
Received on Mon Nov 11 2002 - 03:42:31 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:16 MST