> > working. On the client side I tested with
> > a. Ubuntu 9.04 box and with Firefox 3.0 (here a Java window is prompting
> > for user/pass and once I gave the req info, it says "Error Details"
> > in that Java window in dailyfx.com)
> >
> > b. with Win XP and Firefox and IE (both just gave Error details)
> >
> > Now what can I do to get this site working with our env?
>
> Does the above http_access come before or after the http_access which
> allows people to access when authenticated?

Well...
The following is an extract from my squid.conf:

#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
### MY Rules begins here...
### Authentication
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
#http_access allow AuthorizedUsers
external_acl_type unix_group %LOGIN /usr/lib/squid/wbinfo_group.pl
### ACL Declarations!!!
acl top_acl external unix_group topusers
acl itusers_acl external unix_group itusers
acl power_acl external unix_group power
acl dusers_acl external unix_group dusers
acl duplus_acl external unix_group dusersplus
acl liusers_acl external unix_group liusers
acl usersplus_acl external unix_group usersplus
acl users_acl external unix_group users
acl nauthy_acl external unix_group naughty
acl ultimate_acl external unix_group ultimate
### For Java on dailyfx.com
#acl dailyfx_acl dstdomain .netdania.com
#http_access allow dailyfx_acl CONNECT
### For JAVA
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl testnet src 192.168.7.0/24
acl testnet src 192.168.8.0/24
http_access allow testnet Java
### Blocking Proxy Sites
acl proxy_sites dstdomain "/etc/squid/include-files/proxy_sites.squid"
http_access allow ultimate_acl proxy_sites
http_access deny proxy_sites
deny_info ERR_PROXY_SITES proxy_sites
### Acl defining off time
acl off_time_1 time ASMTWH 12:00-14:30
### Off timing for Thursday
#acl thursday_off_time time H 11:00-16:00
### Exclusion Site for power
acl power_exclusion_acl url_regex "/etc/squid/include-files/power_sites.squid"
http_access allow power_acl power_exclusion_acl
### ACL for IT Groups for technical reasons
acl techie_acl url_regex "/etc/squid/include-files/technical_sites.squid"
http_access allow itusers_acl techie_acl
### Yahoo messenger for Vista users
#acl vista_ip src "/etc/squid/include-files/vista_ip.squid"
#acl yahoomsngr_acl dstdomain .yahoo.com
#http_access allow vista_ip yahoomsngr_acl
### Bypass Rules
acl bypass_ip src "/etc/squid/include-files/bypass_ip.squid"
http_access allow bypass_ip all
### Personal mail Access Policies (Yahoo/Gmail etc)
acl mail_sites dstdomain "/etc/squid/include-files/mail_sites.squid"
http_access allow mail_sites top_acl
http_access allow mail_sites itusers_acl
http_access allow mail_sites power_acl
http_access allow mail_sites ultimate_acl
http_access allow mail_sites duplus_acl
http_access allow mail_sites usersplus_acl
#http_access allow mail_sites thursday_off_time dusers_acl
http_access allow mail_sites off_time_1 dusers_acl
#http_access allow mail_sites thursday_off_time users_acl
http_access allow mail_sites off_time_1 users_acl
http_access deny mail_sites
deny_info ERR_MAIL_SITES mail_sites
### Instant Messaging Sites Access Policies (meebo.com, etc)
acl instant_msg_sites dstdomain "/etc/squid/include-files/instant_msg.squid"
http_access allow instant_msg_sites top_acl
http_access allow instant_msg_sites itusers_acl
http_access allow instant_msg_sites power_acl
http_access allow instant_msg_sites ultimate_acl
http_access allow instant_msg_sites duplus_acl
http_access allow instant_msg_sites usersplus_acl
http_access allow instant_msg_sites off_time_1 dusers_acl
http_access allow instant_msg_sites off_time_1 users_acl
http_access deny instant_msg_sites
deny_info ERR_INST_MSG_SITES instant_msg_sites
### Temporarily blocking suspicious sites
acl suspicious_sites dstdomain "/etc/squid/include-files/suspicious_sites.squid"
http_access allow ultimate_acl suspicious_sites
http_access allow top_acl suspicious_sites
http_access allow power_acl suspicious_sites
http_access deny suspicious_sites
deny_info ERR_SUSPICIOUS_SITES suspicious_sites
### Exclusion list for sites (from bad words regular expression)
acl exclusion_list url_regex "/etc/squid/include-files/exclusion_list.squid"
http_access allow ultimate_acl exclusion_list
http_access allow top_acl exclusion_list
http_access allow itusers_acl exclusion_list
http_access allow power_acl exclusion_list
http_access allow dusers_acl exclusion_list
http_access allow duplus_acl exclusion_list
http_access allow usersplus_acl exclusion_list
http_access allow users_acl exclusion_list
http_access deny exclusion_list
deny_info ERR_BAD_WORDS_BOTH exclusion_list
and so on...
### Allow Rules
http_access allow top_acl
http_access allow itusers_acl
http_access allow power_acl
http_access allow duplus_acl
http_access allow dusers_acl
http_access allow usersplus_acl
http_access allow users_acl
http_access allow ultimate_acl
http_access deny liusers_acl
Received on Mon Sep 07 2009 - 07:13:29 MDT
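
Added example (not part of the original message, and not Squid's own code): in the extract above, "http_access deny !AuthorizedUsers" appears before "http_access allow testnet Java", and Squid checks http_access lines top to bottom, stopping at the first line whose ACLs all match. The sketch below models that evaluation for just those two lines; the sample request and the treatment of missing credentials as a plain deny are assumptions.

```python
# Simplified model of Squid's first-match http_access evaluation (added example).
# Assumption: a request with no credentials makes "!AuthorizedUsers" match; real
# Squid answers that case with a 407 challenge, reported here simply as "deny".
import ipaddress
import re

TESTNET = [ipaddress.ip_network(n) for n in ("192.168.7.0/24", "192.168.8.0/24")]
JAVA_UA = re.compile(r"Java/1\.[456]")  # acl Java browser Java/1.4 Java/1.5 Java/1.6

ACLS = {
    "testnet": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in TESTNET),
    "Java": lambda r: bool(JAVA_UA.search(r.get("user_agent", ""))),
    "AuthorizedUsers": lambda r: r.get("user") is not None,
}

AS_POSTED = """
http_access deny !AuthorizedUsers
http_access allow testnet Java
"""
REORDERED = """
http_access allow testnet Java
http_access deny !AuthorizedUsers
"""
# Constructed sample: a Java applet on testnet that sends no proxy credentials.
APPLET = {"src": "192.168.7.25", "user_agent": "Mozilla/4.0 (Linux) Java/1.6.0_16", "user": None}

def parse(conf):
    """Return [(action, [acl names])] for each active http_access line."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def evaluate(conf, request):
    """First rule whose ACLs all match wins; returns (action, matching line)."""
    rules = parse(conf)
    for action, names in rules:
        # A name prefixed with "!" matches when the underlying ACL does not.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(no rule matched)"

if __name__ == "__main__":
    print("as posted:", evaluate(AS_POSTED, APPLET))
    print("reordered:", evaluate(REORDERED, APPLET))
```

With the allow line first, any testnet client whose User-Agent matches is exempt from proxy authentication, and that header is chosen by the client, so such an exemption is normally combined with a destination ACL.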