Re: [squid-users] Kerberos Authentication in Relation to Connect ACLs

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 17 Apr 2010 14:54:55 +1200

GIGO . wrote:
> I get the following error whenever i try to use squid: (currently i am trying to use it from the AD which is also the KDC for squid to provide authentication.)
>
> Access Denied:
> Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
> (No pop open for authentication just whenever i try to open any webpage this error)
>
>
> However i dont think that i have done any settings to prevent users. I am not sure what is happening please guide.Is it something to do with the connect method ACLs.
>

Only if you somehow used CONNECT.

Did you use the CONNECT method to make the failing request?

>
> acl CONNECT method CONNECT
> # Only allow cachemgr access from localhost
> http_access allow manager localhost
> http_access deny manager
> # Deny request to unknown ports
> http_access deny !Safe_ports
> # Deny request to other than SSL ports
> http_access deny CONNECT !SSL_ports
> #Allow access from localhost
> http_access allow localhost
> auth_param negotiate program /usr/libexec/squid/squid_kerb_auth/squid_kerb_auth
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> acl auth proxy_auth REQUIRED
> http_access deny !auth
> http_access allow auth
> http_access deny all
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.1
Received on Sat Apr 17 2010 - 02:55:03 MDT

This archive was generated by hypermail 2.2.0 : Sat Apr 17 2010 - 12:00:05 MDT