Re: [squid-users] Deny url in background

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 11 May 2012 15:50:21 +1200

On 11/05/2012 6:31 a.m., Usuário do Sistema wrote:
> Hello all,
>
> I'm again with a old issue for me that I have never been able figure out it.
>
> I allow a main url: http://www.tbanc.cl and in log show me that's ok as follow.
>
> TCP_MISS/200 10699 GET http://www.tbanc.cl/TBanc/ShowProperty? ereyes
> DIRECT/199.186.28.41 image/x-png1336673689.620 150 192.9.201.65
>
> but that url has some links to others sites which is blocked for this
> user "ereyes" so the authentication screen pop-up constantly!
>
> TCP_DENIED/407 1833 GET http://www.google-analytics.com/ga.js ereyes
> NONE/- text/html
>
> it's possible hide that authentication screen ? the proxy is
> integrated with Active Directory by NTLM.

You need to separate the authorize and authenticate oprations.

What you are currently doing is dropping a request for an already logged
in user saying they are not presenting the right credentials to access
that resource. Of course the browser is going to ask the user what the
right credentials are.

For example:
   # check login, reject if not
   http_access deny !loggedin
   # only logged in users can get here...

   # ... so check if they are allowed access to this site.
   http_access deny unwanted_sites

   # otherwise do whatever for allowing them access.
   http_access allow ...

Amos
Received on Fri May 11 2012 - 03:50:28 MDT

This archive was generated by hypermail 2.2.0 : Fri May 11 2012 - 12:00:03 MDT