Scott Jarkoff wrote:
> I have Squid setup so that it performs NTLM authentication from a
> Windows 2003 Active Directory domain controller. It currently works
> without issue, allowing only properly authenticated users web browsing
> access and denying others.
>
> What I would like to do is block certain accounts from web browsing.
> When I implement such a block the users are presented with an
> authentication dialog box, and then ultimately receive the proper deny
> message in the browser. The problem is that I do not want them to be
> prompted for valid credentials; they should be immediately denied
> access.
>
> Here is the appropriate areas of my configuration:
>
> acl authenticated_users proxy_auth REQUIRED
> acl denied_admin proxy_auth_regex -i "/etc/squid/denied_admin"
> acl denied_users proxy_auth_regex -i "/etc/squid/denied_users"
>
> http_access deny denied_users
> http_access deny denied_admin
> deny_info ERR_ACCESS_DENIED_ADMIN denied_admin
>
> http_access allow authenticated_users
> http_access allow localhost
> http_access allow local_network
> http_access deny all
>
> Any ideas how I can get rid of the authentication dialog box that pops
> up and just have the deny message issued immediately?
>
See http://www.squid-cache.org/mail-archive/squid-users/200603/0845.html
and http://www.squid-cache.org/mail-archive/squid-users/200603/0851.html
Chris
Received on Tue May 23 2006 - 11:05:35 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT