is there a way to find out where the request is bing denied ?
Im trying the ip_user external helper ( as per the book)
external_acl_type ip_user_helper %SRC %LOGIN
/usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
and # cat /etc/squid/ip_user.conf
192.168.0.0/24 andrew
hepworth squ
a follow-on
ive turned up debugging to
debug_options ALL,1 33,2 28,9
squid.conf has
hepworth andrew # cat -n /etc/squid/squid.conf |grep ip_user
405 external_acl_type ip_user_helper %SRC %LOGIN
/usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
hepworth andrew #
hepworth andrew # ca
OS= gentoo linux
squid = 2.6.17
so ive tried to simplify this to see if i can work out whats going on
squid 2.6.17 on gentoo linux
/etc/squid/ip_user.conf
127.0.0.1 ALL
/etc/squid/squid.conf
hepworth andrew # grep ^[a-z] /etc/squid/squid.conf
auth_param basic children 5
auth_param basic realm Squid proxy-caching web se
ive got it configured like this
logformat squid %tl %ru %Ss %ru %un %ul %ue %ea
external_acl_type ip_user_helper %SRC %LOGIN
/usr/libexec/squid/ip_user_check -f /etc/squid/ip_user.conf
[EMAIL PROTECTED] ~ $ cat /etc/squid/ip_user.conf
127.0.0.1 ALL
hepworth squid # cat /etc/squid/squi
so ip_user wont actually do what i want ( the book isnt clear actually
what it is there for) - thanks Henrik
what i want is to get the currently logged-in user and pass it to squid
which will then authenticate against that with no further dialog boxes etc
. i can then add eg time-based ACLs
So
I think im also confused about the interaction between the browser, squid
and external authenticators in spite of reading Ch12 several times.
it says "..Ch6 lists tokens you can pass from squid -> helper and
"external ACL helper interface allows additional information from helper
to squid ...as k
grep ^[A-Za-z] /etc/squid/squid.conf
to include lines that start with spaces
grep ^[A-Za-z\ ] /etc/squid/squid.conf
4 users , 1 machine, with squid running and a GUI
Im having problems getting the time-based ACLs sorted. To test it ive
added a sat/sun ACL which should allow access between 08:00 and 10:00
Config 1
hepworth emma # cat /etc/squid/squid.conf |grep ^acl
acl all src 0.0.0.0/0.0.0.0
acl localho
there is something in all this i really am not understanding.Sorry to be
so stupid.
AIUI now, it looks at the ACLs and processes them until it finds one that
matches, and then it stops matching them and allows access. It will only
deny a page when its has processed all the ACLS and NOT found a ma
so is what i want to do actually possible ?
unixlogin emma logged into VT7
unixlogin andrew -> VT8
web page request from either -> squid requests login
if its emma & !testing -> access denied
if its emma & testing -> access allowed
switch to VT8 ( andrews desktop)
web page request -> squid re
this is my config
hepworth squid # grep ^acl /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth
acl emma proxy_auth
acl QUERY urlpath_r
12 matches
Mail list logo
