Re: [squid-users] MSNT authentication - login window
On mån, 2008-11-03 at 09:25 -0200, Luciano Cassemiro wrote: http_access deny our_networks users forbidden_sites !directors This line requests authentication as the last acl on the line is authentication related (directors). Rewrite it to http_acccess deny out_networks !directors forbidden_sites and it will show an access denied message instead. And it also makes deny_info more natural if you want a custom error message based on forbidden_sites. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] MSNT authentication - login window
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It worked! Thanks so much for your help. Henrik Nordstrom escreveu: On mån, 2008-11-03 at 09:25 -0200, Luciano Cassemiro wrote: http_access deny our_networks users forbidden_sites !directors This line requests authentication as the last acl on the line is authentication related (directors). Rewrite it to http_acccess deny out_networks !directors forbidden_sites and it will show an access denied message instead. And it also makes deny_info more natural if you want a custom error message based on forbidden_sites. Regards Henrik -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJEYet4/f2ihDUoIkRAsdRAKC7oDpn8GWk4rDjnwZkUmaKEhuCCgCggcI6 SfFyWe4JjyP4bJVKQNOisJg= =2S1K -END PGP SIGNATURE-
Re: [squid-users] MSNT authentication - login window
Forgot to 'reply to all'. My bad Resend... Dear Henrik, my first acl: acl users proxy_auth REQUIRED so theres that defaults - acl our_networks, manager, localhost etc acl tecnology proxy_auth [users in this group] acl directors proxy_auth [users in this group] . . . . . until: acl forbidden_sites url_regex -i /path/forbidden_sites.txt acl forbidden_webmail blablabla and then: http_access deny our_networks users forbidden_sites !directors (keep denying webmail etc) http_access allow our_networks users http_access deny all Henrik Nordstrom escreveu: On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote: Everything is OK but what bothers me is: the login window shows up when an user tries to connect to a forbidden site then he fill with his credentials BUT after OK button the login window appears again and again until the user click cancel. This happens is the last acl on the http_access deny line denying access is realted to authentication. Now I am a little confused as the http_access rules you posted did not have this.. is there other http_access deny lines in your squid.conf? Regards Henrik
Re: [squid-users] MSNT authentication - login window
On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote: Everything is OK but what bothers me is: the login window shows up when an user tries to connect to a forbidden site then he fill with his credentials BUT after OK button the login window appears again and again until the user click cancel. This happens is the last acl on the http_access deny line denying access is realted to authentication. Now I am a little confused as the http_access rules you posted did not have this.. is there other http_access deny lines in your squid.conf? Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] MSNT authentication - login window
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a Squid3.0.STABLE9 @ Fedora 7 with MSNT authentication against a Win2003 AD. Everything is OK but what bothers me is: the login window shows up when an user tries to connect to a forbidden site then he fill with his credentials BUT after OK button the login window appears again and again until the user click cancel. I just want the cache access denied as soon as the user sends his credentials. Is that possible? - --- acl users proxy_auth REQUIRED acl forbidden_sites url_regex -i /path/forbidden_sites.txt [...] http_access deny users forbidden_sites http_access allow users http_access deny all - Thanks in advance -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJCuE84/f2ihDUoIkRAnYNAKCLGastwVgupeLFcQPX0gSm1vHQAgCg1juN 3uqSok68PCV7ro4eElJb02Y= =/OLJ -END PGP SIGNATURE-