Truth Seeker wrote:
>> working. In the client side i tested with
>>> a. ubuntu 9.04 box and with firefox 3.0, (here a java
>> window is prompting
>>> for user/pass and once i given the req info, then it
>> says "Error Details"
>>> in that Java window in dailyfx.com)
>>>
>>> b. with win XP and firefox and IE (both just given
>> Error details)
>>> Now what can i do? to get this site working with our
>> env
>>
>> Does the above http_access come before or after the
>> http_access which
>> allows people to access when authenticated?
>
> Well...
>
> the following is an extract from my squid.conf
And squid reads it top-down....
>
> #Recommended minimum configuration:
> #
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> #
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> ### MY Rules begins here...
> ### Atuhentication
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> #auth_param ntlm max_challenge_reuses 0
> #auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access deny !AuthorizedUsers
... performs authentication. Which was your problem with Java...
order is important!
> #http_access allow AuthorizedUsers
> external_acl_type unix_group %LOGIN /usr/lib/squid/wbinfo_group.pl
>
> ### ACL Declarations!!!
> acl top_acl external unix_group topusers
> acl itusers_acl external unix_group itusers
> acl power_acl external unix_group power
> acl dusers_acl external unix_group dusers
> acl duplus_acl external unix_group dusersplus
> acl liusers_acl external unix_group liusers
> acl usersplus_acl external unix_group usersplus
> acl users_acl external unix_group users
> acl nauthy_acl external unix_group naughty
> acl ultimate_acl external unix_group ultimate
>
> ### For Java on dailyfx.com
> #acl dailyfx_acl dstdomain .netdania.com
> #http_access allow dailyfx_acl CONNECT
>
> ### For JAVA
>
> acl Java browser Java/1.4 Java/1.5 Java/1.6
> acl testnet src 192.168.7.0/24
> acl testnet src 192.168.8.0/24
> http_access allow testnet Java
>
>
> ### Blocking Proxy Sites
> acl proxy_sites dstdomain "/etc/squid/include-files/proxy_sites.squid"
> http_access allow ultimate_acl proxy_sites
> http_access deny proxy_sites
> deny_info ERR_PROXY_SITES proxy_sites
>
> ### Acl defining off time
> acl off_time_1 time ASMTWH 12:00-14:30
>
> ### Off timing for Thursday
> #acl thursday_off_time time H 11:00-16:00
>
> ### Exclusion Site for power
> acl power_exclusion_acl url_regex "/etc/squid/include-files/power_sites.squid"
> http_access allow power_acl power_exclusion_acl
>
>
> ### ACL for IT Groups for technical reasons
> acl techie_acl url_regex "/etc/squid/include-files/technical_sites.squid"
> http_access allow itusers_acl techie_acl
>
> ### Yahoo messenger for Vista users
> #acl vista_ip src "/etc/squid/include-files/vista_ip.squid"
> #acl yahoomsngr_acl dstdomain .yahoo.com
> #http_access allow vista_ip yahoomsngr_acl
>
> ### Bypass Rules
> acl bypass_ip src "/etc/squid/include-files/bypass_ip.squid"
> http_access allow bypass_ip all
>
> ### Personal mail Access Policies (Yahoo/Gmail etc)
> acl mail_sites dstdomain "/etc/squid/include-files/mail_sites.squid"
> http_access allow mail_sites top_acl
> http_access allow mail_sites itusers_acl
> http_access allow mail_sites power_acl
> http_access allow mail_sites ultimate_acl
> http_access allow mail_sites duplus_acl
> http_access allow mail_sites usersplus_acl
> #http_access allow mail_sites thursday_off_time dusers_acl
> http_access allow mail_sites off_time_1 dusers_acl
> #http_access allow mail_sites thursday_off_time users_acl
> http_access allow mail_sites off_time_1 users_acl
> http_access deny mail_sites
> deny_info ERR_MAIL_SITES mail_sites
>
>
> ### Instant Messaging Sites Access Policies (meebo.com, etc)
> acl instant_msg_sites dstdomain "/etc/squid/include-files/instant_msg.squid"
> http_access allow instant_msg_sites top_acl
> http_access allow instant_msg_sites itusers_acl
> http_access allow instant_msg_sites power_acl
> http_access allow instant_msg_sites ultimate_acl
> http_access allow instant_msg_sites duplus_acl
> http_access allow instant_msg_sites usersplus_acl
> http_access allow instant_msg_sites off_time_1 dusers_acl
> http_access allow instant_msg_sites off_time_1 users_acl
> http_access deny instant_msg_sites
> deny_info ERR_INST_MSG_SITES instant_msg_sites
>
>
> ### Temporarily blocking suspicious sites
> acl suspicious_sites dstdomain "/etc/squid/include-files/suspicious_sites.squid"
> http_access allow ultimate_acl suspicious_sites
> http_access allow top_acl suspicious_sites
> http_access allow power_acl suspicious_sites
> http_access deny suspicious_sites
> deny_info ERR_SUSPICIOUS_SITES suspicious_sites
>
>
> ### Exclusion list for sites (from bad words regular expression)
> acl exclusion_list url_regex "/etc/squid/include-files/exclusion_list.squid"
> http_access allow ultimate_acl exclusion_list
> http_access allow top_acl exclusion_list
> http_access allow itusers_acl exclusion_list
> http_access allow power_acl exclusion_list
> http_access allow dusers_acl exclusion_list
> http_access allow duplus_acl exclusion_list
> http_access allow usersplus_acl exclusion_list
> http_access allow users_acl exclusion_list
> http_access deny exclusion_list
> deny_info ERR_BAD_WORDS_BOTH exclusion_list
>
>
> and so on...
>
> ### Allow Rules
> http_access allow top_acl
> http_access allow itusers_acl
> http_access allow power_acl
> http_access allow duplus_acl
> http_access allow dusers_acl
> http_access allow usersplus_acl
> http_access allow users_acl
> http_access allow ultimate_acl
> http_access deny liusers_acl
>
>
>
>
>
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13Received on Mon Sep 07 2009 - 07:59:07 MDT
This archive was generated by hypermail 2.2.0 : Mon Sep 07 2009 - 12:00:02 MDT