Hello:
I am using squid and squid guard from a SuSE Linux 8.1 Distribution.
I told squid to use PAM as authentication mechanism.
My configuration is a router as dial-on-demand gateway for a private
network. On this router squid and squid guard are installed.
Every time an URL outside this private net is called a popup window
appears and asks for the username and appropriate password. After that
nothing more happens without a timeout.
In the access log I always find entries like that one:
1037533477.803 24 <my IP> TCP_DENIED/407 1362 GET
http://www.nasa.gov/ - NONE/- -
Someone told me "407" means Proxy Authentication required". And this
message points toward a PAM configuration promblem.
This I am not able to realize, because there was an authentication
process at the beginning of calling the URL.
In /etc/squid/squid.conf I set:
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /squid/cache 3000 16 256
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
redirect_program /usr/sbin/squidGuard
redirect_children 5
negative_ttl 5 seconds
acl checkpw proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access allow checkpw all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
cache_mgr root
What is wrong with that?
Any help appreciate!
Thank you in advance.
--
Rgds.
_ # Michael # _
Received on Thu Nov 21 2002 - 09:24:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:20 MST