1) Thanks!
2)Here is my ACL and http access lines:
acl bad_url dstdomain "/xxx/Squid/etc/bad-sites.squid"
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.168.16.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl workdays time MTWHF 8:30-12:00
acl workdays time MTWHF 13:30-18:00
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Restrict cachemgr access
http_access allow manager localhost
http_access deny manager
# Block access to banned URLs
http_access deny bad_url workdays
# Allow users access on workdays
http_access allow our_networks workdays
#http_access allow out_networks
# Deny everything else
http_access deny all
#
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny bad_url
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
4) All I know is going through the squid as a proxy server disables the
login prompt. If I just access it with out proxy then I get an
authentication box.
5) Again can you explain this to me for me to get pages blocked to work:
>>> Yes. Create an ACL for normal login. Adding it to the end of the line
>>> For example:
>>> ... login setup
>>> acl loginACL proxy_auth REQUIRED
>>> http_access deny our_networks bad_url workdays !loginACL
6) Will look into WCCP and BSD...thanks
Received on Fri Oct 09 2009 - 00:18:03 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 09 2009 - 12:00:02 MDT