On Sunday 17 November 2002 22.54, Matthew Kaminski wrote:
> Problem 1: Users are able to change the proxy settings of the
> browser, which is very bad, as that way they can basically bypass
> the proxy. I was thinking that I could disable assess on port 80
> from all hosts on my lan, excpet squid machine. that will cause
> that the ONLY way to access the new was through the squid machine.
> Can someone comment on that ??? is that the right way to do it ???
> I'm worried there may be some unwanted side effects... is that the
> case ???
Firewalling access to port 80 is fine if your policy is that all users
must use the proxy.
Automatic Interception of port 80 won't work if you require
authentiation.
> Problem 2: I currently have 2 users here, for which the
> authenticatio doesnt work. I have their username and passwords (for
> testing purposes). When i run squid_ldap_auth manually, it returns
> OK for both of them, yet squid fails to authenticate them and give
> them the access the the net. this is absurd and i need to eliminate
> it, otherwise i need to keep temporary web-access account which is
> unacceptable.
Do their passwords (or usernames) contain any strange characters?
Regards
Henrik
Received on Thu Nov 21 2002 - 10:21:33 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST