Re: [squid-users] proxy_auth repetition problems

From: Sylvester Manx <drachmadog@dont-contact.us>
Date: Wed, 4 Feb 2004 08:45:38 -0800 (PST)

I meant to send this to the list:
Thanks Henrik for your reply...

My last deny acl is http_access deny all...Do you mind
looking at the following and telling me what I'm doing
wrong? Thanks so much

###For Proxy Authentication ###
acl InternetUsers proxy_auth REQUIRED
#
###FTP allow Access###
acl FtpAccess proto FTP
acl FTP_Allowed_Users proxy_auth "/etc/squid/FTP_Allowed_Users"
###File extension download prevention###
acl DenyDownloadExe url_regex -i "/etc/squid/DenyDownloadExe"
acl DenyDownloadMime rep_mime_type "/etc/squid/DenyDownloadMime"
acl AllowDownload dstdomain .microsoft.com

###For RetailUsers who have limited access ###
acl Retail_Allowed_Users proxy_auth "/etc/squid/Retail_Users"
acl Retail_Allowed_Sites dst "/etc/squid/Retail_Sites"

http_access allow Retail_Allowed_Users Retail_Allowed_Sites
http_access allow FTP_Allowed_Users FtpAccess
http_access allow AllowDownload

http_access deny DenyDownloadExe
deny_info ERR_ACCESS_DENIED_DL_EXE DenyDownloadExe
http_access deny Retail_Allowed_Users
deny_info ERR_ACCESS_DENIED_RETAIL Retail_Allowed_Users
http_access deny FtpAccess
http_access allow InternetUsers

http_access allow localhost
http_access deny all

http_reply_access deny DenyDownloadMime
deny_info ERR_ACCESS_DENIED_DL_MIME DenyDownloadMime
http_reply_access allow all

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Tue, 3 Feb 2004, Sylvester Manx wrote:
>
> > I am using smb_auth as the NTLM authenticating
> > utility. When I put a user in an acl that, for
> > example, denies them access to a site, they must
> > enter their username 3 times before they get the
> > deny_info page.
>
> They get the page on the first, but the browser only
> shows it once the authentication is cancelled (either
> by the browser limit of 3 attempts, or by pressing
> cancel).
>
> > Is there some way to avoid this? To have this
> > page come up after the first successful login?
>
> Don't deny the requests with a proxy_auth acl type.
> In most configurations it is simply a matter of making
> sure the last acl on your http_access deny line is not
> a proxy_auth acl. Note that this also affects deny_info
> as it too looks at the last acl.
>
> Regards
> Henrik
>
>

Received on Wed Feb 04 2004 - 12:32:22 MST
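
Added example (not part of the original message, and not code from the Squid project): a small Python check that applies the rule from Henrik's reply to the http_access section posted above, listing each "http_access deny" line whose last ACL is a proxy_auth type together with the deny_info page bound to that ACL. The sample config is the posted one with mail-wrapped lines joined; the function name and the set of ACL types treated as authentication ACLs are assumptions of this example.

```python
# Constructed sample: the acl/http_access section of the posted squid.conf,
# with mail-wrapped lines joined.
SAMPLE_CONF = """\
acl InternetUsers proxy_auth REQUIRED
acl FtpAccess proto FTP
acl FTP_Allowed_Users proxy_auth "/etc/squid/FTP_Allowed_Users"
acl DenyDownloadExe url_regex -i "/etc/squid/DenyDownloadExe"
acl AllowDownload dstdomain .microsoft.com
acl Retail_Allowed_Users proxy_auth "/etc/squid/Retail_Users"
acl Retail_Allowed_Sites dst "/etc/squid/Retail_Sites"
http_access allow Retail_Allowed_Users Retail_Allowed_Sites
http_access allow FTP_Allowed_Users FtpAccess
http_access allow AllowDownload
http_access deny DenyDownloadExe
deny_info ERR_ACCESS_DENIED_DL_EXE DenyDownloadExe
http_access deny Retail_Allowed_Users
deny_info ERR_ACCESS_DENIED_RETAIL Retail_Allowed_Users
http_access deny FtpAccess
http_access allow InternetUsers
http_access allow localhost
http_access deny all
"""

# Assumption of this example: these are the ACL types that trigger a login prompt.
AUTH_TYPES = {"proxy_auth", "proxy_auth_regex"}

def find_auth_terminated_denies(conf_text):
    """Return (line_no, rule, last_acl, deny_info_page) for every
    http_access deny rule whose last ACL is an authentication ACL."""
    acl_type, deny_page, denies = {}, {}, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if len(tokens) < 3:
            continue
        if tokens[0] == "acl":
            acl_type.setdefault(tokens[1], tokens[2])
        elif tokens[0] == "deny_info":
            deny_page[tokens[2]] = tokens[1]        # page is keyed by ACL name
        elif tokens[0] == "http_access" and tokens[1] == "deny":
            denies.append((line_no, " ".join(tokens), tokens[-1].lstrip("!")))
    return [(n, rule, acl, deny_page.get(acl))
            for n, rule, acl in denies if acl_type.get(acl) in AUTH_TYPES]

if __name__ == "__main__":
    for hit in find_auth_terminated_denies(SAMPLE_CONF):
        print("line %d: %r ends in auth ACL %s (deny_info: %s)" % hit)
```

On the sample it reports only the "http_access deny Retail_Allowed_Users" rule, which is the line that produces the repeated login prompt described in the thread.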

This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST