Re: [squid-users] user problem

2009-07-13 Thread Matt Harrison

espoire20 wrote:

I have a small problem with a squid access list. I need to block the IP address
of a machine so that it does not connect to the internet even if it has the
address of the proxy and the port in Internet Options. Is that possible?

Because I have a person who installs Mozilla Firefox, puts in the address
of the proxy and the port, and it connects, or it connects with another
person's user.

I use this but it is not working:
 
acl user1 src 10.60.6.7 
httpd_access deny user1 


Try it with

http_access deny user1

HTH

Matt


Re: [squid-users] google safebrowsing

2009-01-29 Thread Matt Harrison

Matus UHLAR - fantomas wrote:

On 29.01.09 09:47, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:

no not like that
i mean using external like phishtank.com


put .phishtank.com to /etc/squid/dangerwebsite.txt


On Wed, Jan 28, 2009 at 7:47 PM, zulkarnain sizu...@yahoo.com wrote:

acl dangerwebsite url_regex /etc/squid/dangerwebsite.txt
http_access deny dangerwebsite




No, I think he means he wants to use external lists for blocking 
domains, something akin to what SpamCop does for email.




Re: [squid-users] Squid 3.1.0.3 not caching anything

2008-12-24 Thread Matt Harrison

Amos Jeffries wrote:
Cache-Control: no-cache, no-store, private all prevent
caching, as does authentication unless 'pubic' is listed.


Wow I didn't realise squid dealt with matters of the pubic region. I'll 
have to take another look at my squid.conf :)


Sorry, couldn't resist, what with it being 3:17am on Christmas
day. I should get some sleep.


Happy holidays to all that celebrate it.

Matt


Re: RES: [squid-users] How can I block a https site?

2008-10-24 Thread Matt Harrison
Ricardo Augusto de Souza wrote:
 I am still not able to block https sites.
 I tested all you suggested here.
 I am using transparent proxy. I am redirecting all outgoing traffic to
 port 80 to squid port 3128. If I redirect 443 port to squid I won't be
 able to access ANY https site.

I'm no squid expert but unless the https traffic is actually going
through squid it isn't up to squid to block it.

If you can get squid to proxy your https traffic then it will probably
be able to block it, if not, you will have to use some other software to
block the https sites.

HTH

Matt


[squid-users] integration with active directory

2008-10-21 Thread Matt Harrison
Hi all,

I have a Gentoo box that acts as a firewall, router and squid proxy.

I've been following a guide[1] to integrate squid authentication with
our Active Directory domain.

The guide is a little bit out of date and it doesn't seem to work for
me. Authentication is refused to non-authenticated users without
prompting for credentials (I want to be prompted) but it is also refused
for users logged into the domain.

Has anyone successfully got this to work? If so can you supply any tips
for my squid.conf?

Let me clarify a little bit:

Before attempting this integration, I had an acl line like this:

acl internal src 10.194.217.0/24

And I'm allowing that like so:

http_access allow internal

I'm just not sure how to change this to allow access to authenticated
users while prompting for those not authenticated.

As far as the guide I have mentioned goes, my kerberos and ldap are
working perfectly and samba is joined to the domain. winbind is running
and using the ntlm helper tests from the guide it appears that
authentication for users against the AD is working.

The problem is that squid.conf is a very large config file and I've only
ever played with a few options (1 acl, nothing more complex).

Many thanks

Matt

[1] http://cryptoresync.com/2006/05/18/installing-squid-with-active-directory-authentication/


Re: [squid-users] integration with active directory

2008-10-21 Thread Matt Harrison
I've actually just about solved this.

It was due to me being lazy and adding the acls to the very end of the
file, hence the deny all in the acl section was running before my allow.

Using the config example from the squid site I have resolved this.

The only disappointment now is that it won't work with transparent
redirection. This means I've got to find out how to implement a group
policy for Firefox which seems to be difficult if not impossible.

Thanks

Matt
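
The ordering problem described in the message above, as an added example that is not part of the original posts: squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so an allow appended after "http_access deny all" is never reached. The sketch models only src ACLs; the two sample configs are constructed, and only the "internal" ACL line is taken from the thread.

```python
import ipaddress

def parse(conf):
    """Collect src ACLs and http_access rules, in file order, from squid.conf text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))  # (allow|deny, [ACL names])
    return acls, rules

def decide(conf, client_ip):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # A leading "!" negates an ACL; every ACL on the line must match.
        if all(any(ip in n for n in acls[a.lstrip("!")]) != a.startswith("!")
               for a in names):
            return action
    # Nothing matched: squid does the opposite of the last line (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def unreachable(conf):
    """List rules that follow a catch-all line (one whose only ACL is 'all')."""
    rules = parse(conf)[1]
    for i, (_, names) in enumerate(rules):
        if names == ["all"]:
            return rules[i + 1:]
    return []

# Constructed sample configs; only the "internal" ACL line is from the post.
ACLS = "acl all src 0.0.0.0/0\nacl internal src 10.194.217.0/24\n"
APPENDED = ACLS + "http_access deny all\nhttp_access allow internal\n"
FIXED = ACLS + "http_access allow internal\nhttp_access deny all\n"

if __name__ == "__main__":
    for label, conf in (("appended", APPENDED), ("fixed", FIXED)):
        print(label, decide(conf, "10.194.217.20"), unreachable(conf))
```

Running unreachable() over the acl and http_access lines of a real squid.conf is a quick way to spot rules that were appended below the final deny.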