On 15/10/2013 3:48 p.m., James Shirley wrote:
Hi!
I'm trying to configure a squid acl to control what soap requests are
allowed to a backend web server..
Only I cannot see a configuration parameter directly specific to SOAP
(or XML) protocol. Or even a way to integrate the POST message content
Hi!
I'm trying to configure a squid acl to control what soap requests are
allowed to a backend web server..
Only I cannot see a configuration parameter directly specific to SOAP
(or XML) protocol. Or even a way to integrate the POST message content
in a helper application..
I have looked into va
Hello,
i'm using squid 2.6 Version 2.6.STABLE21 (provided with CentOS 5.x), using NTLM
AUTH.
Since I'm able to apply ACLs to Windows Groups, I'm just wondering if I can
apply an ACL only to a single user.
Should I need to create a group only for that user and apply an acl to that
group or there'
I got it,Thanks for your replies.
- Original Message -
From: "Amos Jeffries"
To: "wangwen"
Cc:
Sent: Wednesday, September 30, 2009 10:29 AM
Subject: Re: [squid-users] Squid "acl port"
On Wed, 30 Sep 2009 09:46:04 +0800, "wangwen" wrote
On Wed, 30 Sep 2009 09:46:04 +0800, "wangwen" wrote:
> Hi All.
>
> I have my question about the use of “acl port ” in squid.conf.
>
> Generally the proxy has the following three cases:
>
> 1. Standard proxy cache server: In order to realize this approach, We
must
> indicate the Ip and port of p
Hi All.
I have my question about the use of “acl port ” in squid.conf.
Generally the proxy has the following three cases:
1. Standard proxy cache server: In order to realize this approach, We must
indicate the Ip and port of proxy server in the browser of everyone internal
host.
2. Transparent
CopyrightPhilly wrote:
hi,
iv been trying for hours to try and get this to work,
basicly this is what i am wanting to do,
Deny if requested is not on allowed port
Allow local users accounts (got this working)
Allow if the requested url is *.mydomain.com
Deny if no the above
below what im usin
hi,
iv been trying for hours to try and get this to work,
basicly this is what i am wanting to do,
Deny if requested is not on allowed port
Allow local users accounts (got this working)
Allow if the requested url is *.mydomain.com
Deny if no the above
below what im using, - all the fully worki
It was a DNS zone problem that I've resolved. Thanks for all your help!
-Original Message-
From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 02, 2007 12:12 PM
To: Heaton, Tobias
Cc: Squid Users
Subject: Re: [squid-users] Squid ACL Problem
H
Heaton, Tobias escreveu:
No log entries are appearing from a network machine on the same subnet. The
only way I can generate an access.log entry is running the squidclient app w/
the URL:
squidclient http://www.apple.com
access.log:
247 127.0.0.1 TCP_MISS/200 10226 GET http://www.apple.com
: Heaton, Tobias
Cc: Squid Users
Subject: Re: [squid-users] Squid ACL Problem
Post your DENIED log entries in access.log.
Most probably apple.com site is using other domains different than
apple.com. So, despite apple.com is allowed, those others are denied and
the page cannot be accessed
Post your DENIED log entries in access.log.
Most probably apple.com site is using other domains different than
apple.com. So, despite apple.com is allowed, those others are denied and
the page cannot be accessed.
Post your DENIED logs please.
Heaton, Tobias escreveu:
The 'microso
m: Tek Bahadur Limbu [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 02, 2007 9:25 AM
To: Heaton, Tobias
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL Problem
Heaton, Tobias wrote:
> Hello - I hope I'm writing to the correct place!
>
> I have Squid running on RHAS4
Heaton, Tobias wrote:
Hello - I hope I'm writing to the correct place!
I have Squid running on RHAS4 and it has been running perfectly for some
time. I added some new ACLs and http_access protocols mirroring exactly
what existed. I then reconfigured the squid client and even restarted
the machin
Hello - I hope I'm writing to the correct place!
I have Squid running on RHAS4 and it has been running perfectly for some
time. I added some new ACLs and http_access protocols mirroring exactly
what existed. I then reconfigured the squid client and even restarted
the machine itself, and I absolute
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 06 July 2007 00:22
>To: Christian Vallant
>Cc: squid-users@squid-cache.org
>Subject: Re: [squid-users] Squid ACL
>
>> Hello,
>>
>> i need to solve following problem.
>> I
> Hello,
>
> i need to solve following problem.
> I have an ldap-server, which i use to authenticate the user.
> If the user is in the group, he has access to the group A. If the
> authentications fails, he has access to the group B.
>
> Can anyone tell me, how i can solve this problem.
>
> I have
Hello,
i need to solve following problem.
I have an ldap-server, which i use to authenticate the user.
If the user is in the group, he has access to the group A. If the
authentications fails, he has access to the group B.
Can anyone tell me, how i can solve this problem.
I have already have an
[EMAIL PROTECTED] wrote:
Hello,
I would like to setup squid this way.
All client from internal network(172.16.0.0) could reach external server
15.14.13.12 on all port.
Many thanks.
acl clients src 172.16.0.0/16
acl server dst 15.14.13.12
http_access allow clients server
Proper placement
Hello,
I would like to setup squid this way.
All client from internal network(172.16.0.0) could reach external server
15.14.13.12 on all port.
Many thanks.
ons 2006-09-20 klockan 11:28 +0100 skrev Mehmet, Levent (Accenture):
> Thanks
>
> Please can you explain what this line means with its characters:
>
> acl NWW dstdom_regex \.?nww\.
maybe a dot followed by nww followed by a dot, anywhere in the hostname
component of the requested URL.
Probably
.nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW
-Original Message-
From: Chris Robertson [mailto:[EMAIL PROTECTED]
Sent: 19 September 2006 19:56
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL (Is this Possible
:56
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL (Is this Possible)
Mehmet, Levent (Accenture) wrote:
> All
>
> I currently have a setup which sends different domains to different
> Cache_peers. This has been working fine with the below config.:
>
> cache_p
Mehmet, Levent (Accenture) wrote:
All
I currently have a setup which sends different domains to different
Cache_peers. This has been working fine with the below config.:
cache_peer 1.1.1.1 parent 80 80 no-query
cache_peer 2.2.2.2 parent 80 80 no-query
cache_peer 3.3.3.3 parent 3128 3130 no-que
All
I currently have a setup which sends different domains to different
Cache_peers. This has been working fine with the below config.:
cache_peer 1.1.1.1 parent 80 80 no-query
cache_peer 2.2.2.2 parent 80 80 no-query
cache_peer 3.3.3.3 parent 3128 3130 no-query
cache_peer_domain 3.3.3.3 parent
* Jason Bassett <[EMAIL PROTECTED]> wrote:
>
> I am therefore looking for the easiest and most time effective method
> of blocking rooms when required. Hostnames seemed to be the best way.
>
> Any ideas on this issue?
Restricting access an a per user Basis can also be done... just install
an id
Jason Bassett wrote:
Hello
I work in a secondary school with 5 IT suites each with 20-30
computers. I have created an acl for each room containing the
hostnames of the machines for examle, an acl called R32 for room 32
contains:
R32001
R32002
...
R32030
If I set this acl to deny, not all
Hello
I work in a secondary school with 5 IT suites each with 20-30 computers. I
have created an acl for each room containing the hostnames of the machines
for examle, an acl called R32 for room 32 contains:
R32001
R32002
...
R32030
If I set this acl to deny, not all machines are denied acc
ults. I've been able to have
squidGuard email offenders dynamically when they hit websites they
shouldn't have.
- Nick
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 14, 2006 7:24 AM
To: Nick Duda
Subject: RE: [squid-users] squid ac
* On 14/03/06 15:14 +0300, [EMAIL PROTECTED] wrote:
|
| I have a LAN with DHCP, and sometimes the ip addresses change, worse
| still i have many subnets.
| how should i structure my acl's to involve as little administration as
| possible.
|
| only a privileged few should access internet.
Use
tis 2006-03-14 klockan 15:14 +0300 skrev [EMAIL PROTECTED]:
> I have a LAN with DHCP, and sometimes the ip addresses change, worse
> still i have many subnets.
> how should i structure my acl's to involve as little administration as
> possible.
Use authentication.
Regards
Henrik
signature.a
, 2006 7:15 AM
To: squid-users@squid-cache.org
Subject: [squid-users] squid acl dhcp
I have a LAN with DHCP, and sometimes the ip addresses change, worse
still i have many subnets.
how should i structure my acl's to involve as little administration as
possible.
only a privileged few should a
I have a LAN with DHCP, and sometimes the ip addresses change, worse
still i have many subnets.
how should i structure my acl's to involve as little administration as
possible.
only a privileged few should access internet.
--
Peter Collins Wasenda
Network Administrator
Dear Squid Enlightened,
I was looking for a way by which I could filter the content as per the group
Example:
I have a group named Text , and Graphics
The users belonging to the Text group must be able to only view the
text of any website i.e all the Graphics , Flash gets restricted to
these
On Tue, 15 Feb 2005, Yong Bong Fong wrote:
A bug in Squid allows users to bypass certain access controls by passing a
URL containing "%00" which exploits the Squid decoding function.
See http://www.squid-cache.org/Advisories/SQUID-2004_1.txt for details of
this old vulnerability.
Does it mean tha
Dear all,
I read from http://esikker.dk/vul_14462.php says that
A bug in Squid allows users to bypass certain access controls by passing a
URL containing "%00" which exploits the Squid decoding function.
This may insert a NUL character into decoded URLs, which may allow
users to
bypass url_regex
Hi Thomas
I am not familiar too, but I write my acl-s different
I deny every trafic I don't want to have
the "http_access allow Safe_ports" ... allows everything i htink
the restrictions would I write
acl time1 time 08:00-10:00
acl time2 time 10:00-12:00
http_access deny slot1_ip !time1
http_a
> -Original Message-
> From: thomas [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 08, 2005 8:16 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] SQUID- ACL for different time frame for different
> block of IP addresses.
>
>
> Dear All
Dear All
Requirement has arisen to provide access to a group of machine
categorized based on IP address.
ACL created is as follows:-
acl fulltime_ip 10.10.10.40-10.10.10.254
acl slot1_ip src 10.10.10.25 10.10.10.3010.10.10.35
acl slot1_time time 08:00-10:00
acl slot2_ip src 10.10.10.39 10
On Sun, Sep 12, 2004 at 12:57:16PM +0200, Marek Pawinski wrote:
> I want to bypass my proxy server for a certain https url with a certain
> port, i have tried with webmin with no luck. What would i put in
> squid.conf to achieve this ?
What part of squid do you want to bypass? Obviously you cann
Hi
I want to bypass my proxy server for a certain https url with a certain
port, i have tried with webmin with no luck. What would i put in
squid.conf to achieve this ?
Marek
But you do not 'tell' him the program authentication:
the line with :
authenticate_program /.../ncsa_auth file_with_users !!
ok i think its a bad think to use webmin with squid
i prefer now to add directly to squid.conf
so i try
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
ac
> > after i add in my webmin's authentification plugin
> > /usr/lib/squid/ncsa_auth /etc/squid/usersUsers
> >
Change the permission of the /etc/squid/usersUsers file to cache_effective_user
setting user permission.
> You have to put a line
> auth_param basic program /usr/lib/squid/ncsa_auth /
deny1 wrote:
Who is Users?
see
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#configuring-proxy-auth
ihave created /etc/squid/users and write my users and pass
after i add in my webmin's authentification plugin
/usr/lib/squid/ncsa_auth /etc/squid/usersUsers
A++
But in your squid.conf isn' it
Who is Users?
see http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#configuring-proxy-auth
ihave created /etc/squid/users and write my users and pass
after i add in my webmin's authentification plugin
/usr/lib/squid/ncsa_auth /etc/squid/usersUsers
A++
> hello good morning
> i am setting squid with the ncsa_auth plugin
>
What is your authentication program setting in squid.conf file?
Regards,
Muthukumar.
---
=== It is a "Virus Free Mail" ===
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.6
--- deny1 <[EMAIL PROTECTED]> a écrit : > hello good
morning
> i am setting squid with the ncsa_auth plugin
>
> here is my acls in squid.conf
>
> Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localdomain src 192.168.0.0/255.255.255.0
>
deny1 wrote:
hello good morning
i am setting squid with the ncsa_auth plugin
here is my acls in squid.conf
Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port
hello good morning
i am setting squid with the ncsa_auth plugin
here is my acls in squid.conf
Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl
On Mon, May 17, 2004 at 02:36:20PM +0200, Skarbet wrote:
> i'm using squid2.4stable7 and trying to stop user from
> downloading large file and access some server.this is
> my ACL:
>
> #My Access List
> acl limit_conn src 192.168.1.0/24
> acl 6conn maxconn 6
> acl post method post
> acl exe urlp
TED]
fr> cc:
Subject: [squid-users] Squ
I don't know if this will solve it but I have this rule at the end of my acl
(denies everything that doesn't match your rule)
http_access deny all
-Original Message-
From: Skarbet [mailto:[EMAIL PROTECTED]
Sent: Monday, May 17, 2004 8:36 AM
To: [EMAIL PROTECTED]
Subject: [s
Hi,
i'm using squid2.4stable7 and trying to stop user from
downloading large file and access some server.this is
my ACL:
#My Access List
acl limit_conn src 192.168.1.0/24
acl 6conn maxconn 6
acl post method post
acl exe urlpath_regex -i \.exe$
acl local src 192.168.1.0/24
acl download dstdomain
> The time acl is an exception that you can only list a single time
per
> line, but you can still list multiple lines.
That I did not know - thanks for the correction.
Adam
On Fri, 19 Sep 2003, Payal Rathod wrote:
> Wowww! I thought that three acls by the same name might create a
> problem.
Not as long as you always stuff the same type of content into the acl.
For most ACLs you can list as many things as you want to match on the same
line, or on multiple lines.
T
>> Then replace lunchbreak with the following
>>
>> acl coffeebreak time 09:00-10:00
>> acl coffeebreak time 13:00-14:00
>> acl coffeebreak time 18:00-19:00
>
> Wowww! I thought that three acls by the same name might
> create a problem.
No, all it does is combine them - just as if you did:
acl
On Fri, Sep 19, 2003 at 02:14:49PM +0200, Henrik Nordstrom wrote:
> On Fri, 19 Sep 2003, Payal Rathod wrote:
>
> > What if I have to allow from time 09:00-10:00 and 6:00-07:00 too with
> > lunchbreak?
> >
> > I mean the users can access hotmail, yahoo in the abvoe 3 hours only.
>
> Then replace
On Fri, 19 Sep 2003, Payal Rathod wrote:
> What if I have to allow from time 09:00-10:00 and 6:00-07:00 too with
> lunchbreak?
>
> I mean the users can access hotmail, yahoo in the abvoe 3 hours only.
Then replace lunchbreak with the following
acl coffeebreak time 09:00-10:00
acl coffeebreak ti
On Thu, Sep 18, 2003 at 03:28:27PM +0200, Henrik Nordstrom wrote:
acl my_network src 192.168.10.0/24 ...
[...]
Thanks for the mail. It worksbeautifully. Just one small question below.
> acl webmail dstdomain .yahoo.com .hotmail.com
> acl lunchbreak time 13:00-14:00
> http_access deny !lunchbreak
On Thu, 18 Sep 2003, Payal Rathod wrote:
> Hi,
> I am at a loss to configure squid acl meeting the following
> requirements.
>
> 1. All clients must have internet access throughout the day.
acl my_network src 192.168.10.0/24 ...
[used below]
> 2. Clients 192.168.10.1, 192.168.10.2, 192.168.10.
> I am at a loss to configure squid acl meeting the following
> requirements.
There is a Squid FAQ on how acl and http_access logic works; read that
if you haven't already.
You'll need src, time, and dstdomain acls to get this to work, and
you'll need to order them in http_acces properly. More in
Hi,
I am at a loss to configure squid acl meeting the following
requirements.
1. All clients must have internet access throughout the day.
2. Clients 192.168.10.1, 192.168.10.2, 192.168.10.5 (can be
changed to something appropriate if you wish) will have access to all
sites throughout the day.
3.
62 matches
Mail list logo
