Merdouille wrote:
Hi
i use a transparent squid proxy and i want :
- access as manager with squidclient from localhost only
== http_access allow manager localhost
- allow only computer from localhost to go every where
== http_access allow locahost
These ACL you ask about are the bas
I used :
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
I try to add deny_info options :
deny_infoTCP_RESET !manager !localhost
deny_infoTCP_RESET !localnet
deny_infoTCP_RESET !
Merdouille wrote:
I used :
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
I try to add deny_info options :
deny_infoTCP_RESET !manager !localhost
deny_infoTCP_RESET !localnet
deny_info
I know its a strange config!
We have few webserver with hudge charge and those server needs files from
others compagnies.
This squid instance will cache those files.
For TCP_RESET, it maybe a bad for our server!
But it'll be usefull for others instances of squid i need.
I write init.d scripts t
On 02.04.09 03:00, Merdouille wrote:
> i use a transparent squid proxy and i want :
> - access as manager with squidclient from localhost only
> - allow only computer from localhost to go every where
>
> My ACLs :
> #== ACL
> # nom type
> acl all
hello,
I have implemented ACL's to restrict some users from browsing at specified
timesguess what some users are changing their IP addresses and browse...
Is they way squid can handle this?
Frank
t;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 25, 2003 9:58 AM
Subject: Re: [squid-users]ACLS
>
> hello,
>
> I have implemented ACL's to restrict some users from browsing at specified
> timesguess what some users are changing their IP addresses a
t;
> Kind regards
> Adrian
> - Original Message -
> From: Frank Chibesakunda <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 25, 2003 9:58 AM
> Subject: Re: [squid-users]ACLS
>
> > hello,
> >
> > I have implemented ACL'
You asked this question earlier; you don't need to post it again.
Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
> I have implemented ACL's to restrict some users from browsing
> at specified timesguess what some users are changing
> their IP addresses and browse... Is they way squid can handle
> this?
You could try using authentication, and then use the username
instead of the IP address as the basis f
fre 2003-07-25 klockan 13.55 skrev Frank Chibesakunda:
> hello,
>
> I have implemented ACL's to restrict some users from browsing at specified
> timesguess what some users are changing their IP addresses and
> browse...
> Is they way squid can handle this?
Yes, by using authentication ra
On Thursday 31 July 2003 21.08, Fernando Maior wrote:
> acl blacklist url_regex -i "/etc/squid/block/blacklist1"
> acl blacklist url_regex -i "/etc/squid/block/blacklist2"
>
> Does squid search each file, in the order above,
> trying to match the request? Or it reads the files
> once at startup an
On Thu, 27 Jan 2005, Ricardo [iso-8859-1] López Urrutia wrote:
Does anyone mind sharing his/her squid.conf when using
squid_ldap_auth auth program?, I'm kind of stuck in how to connect with my AD
and the acl's needed to talk with the AD.
There is working examples for AD in the squid_ldap_a
No
That will allow access for the 192.168.0.x network.
192.168.0.0 / 16 will work for the class B
-Original Message-
From: Josep Girbés [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 August 2005 10:24 a.m.
To: squid-users@squid-cache.org
Subject: [squid-users] ACLs
Hi,
If I want to def
> If I want to define an ACL to permit access to all
> users of
> 192.168.X.X 255.255.255.0
>
>
> http_access allow myclients
>
Yes. IF you want to control machines with ip-address
from 192.168.0.1 to 192.168.0.255.
acl myclients src 192.168.0.0/24
http_access allow myclients
When I said 192.168.X.X. I want to say to control machines with
ip-address from 192.168.0.1 to 192.168.255.254.
I am grateful to Diego Woitasen say to me:
acl myclients src 192.168.0.0/16 or 255.255.0.0
http_access allow myclients
Is it correct?
Thanks.
On Tue, 24 Feb 2004, galle wrote:
> Hi all !!
> How can i know which ACL is allowing or denying access to a site
> (whitout increasing the log level and looking for it in the cache.log)
Not easy, but you could use deny_info returning different messages
depending on the acl.
> Is there any com
yay! :)
On 11/11/10 23:39, Edmonds Namasenda wrote:
Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries wrote:
On 09/11/10 20:25, Edmonds Namasenda wrote:
Dear all.
Using openSuse 11.2 and Squid 3.0 St
Yeah, I guess I am getting there.
Please look in-line...
>>
>> How do I enforce password authentication ONLY ONCE for users to
>
> What do you mean by "ONLY ONCE"? A user can be authenticated or not, there is
> no multiple about it.
No continuous authentication required with every URL accessed or
On 12/11/10 01:22, Edmonds Namasenda wrote:
Yeah, I guess I am getting there.
Please look in-line...
How do I enforce password authentication ONLY ONCE for users to
What do you mean by "ONLY ONCE"? A user can be authenticated or not, there is
no multiple about it.
No continuous authenticat
Thank you all.
On Thu, Nov 11, 2010 at 4:19 PM, Amos Jeffries wrote:
> On 12/11/10 01:22, Edmonds Namasenda wrote:
>>
>> No continuous authentication required with every URL accessed or
>> re-directions once the first log-in is accepted.
>
> Understood. That is not possible.
>
> HTTP is by design
On 12/11/10 04:08, Edmonds Namasenda wrote:
Thank you all.
On Thu, Nov 11, 2010 at 4:19 PM, Amos Jeffries wrote:
On 12/11/10 01:22, Edmonds Namasenda wrote:
No continuous authentication required with every URL accessed or
re-directions once the first log-in is accepted.
Understood. That is
Amos, thank you for the responses always.
On Thu, Nov 11, 2010 at 6:56 PM, Amos Jeffries wrote:
>
> On 12/11/10 04:08, Edmonds Namasenda wrote:
>> I believe I am a better squid administrator than when I joined. Throw me a
>> bone!
>>
>
> Switch "users" with "browsers" and you have it right. The
On 12/11/10 18:18, Edmonds Namasenda wrote:
Amos, thank you for the responses always.
On Thu, Nov 11, 2010 at 6:56 PM, Amos Jeffries wrote:
On 12/11/10 04:08, Edmonds Namasenda wrote:
I believe I am a better squid administrator than when I joined. Throw me a bone!
Switch "users" with "b
FWIW: this is all covered in details in the wiki:
http://wiki.squid-cache.org/Features/Authentication
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
[EMAIL PROTECTED] wrote:
Or any other external source for that matter. i'm looking for the ability
to *define* ACLs dynamically, not just statically reference a dynamic list
of urls (for example).
This is to allow on-the-fly creation of groups, and new policies that
apply to those groups, witho
paul cooper wrote:
4 users , 1 machine, with squid running and a GUI
Im having problems getting the time-based ACLs sorted. To test it ive
added a sat/sun ACL which should allow access between 08:00 and 10:00
Your time ACL appears to be working. It's your usage of http_access
thats screwi
there is something in all this i really am not understanding.Sorry to be
so stupid.
AIUI now, it looks at the ACLs and processes them until it finds one that
matches, and then it stops matching them and allows access. It will only
deny a page when its has processed all the ACLS and NOT found a ma
paul cooper wrote:
there is something in all this i really am not understanding.Sorry to be
so stupid.
AIUI now, it looks at the ACLs and processes them until it finds one that
matches, and then it stops matching them and allows access. It will only
deny a page when its has processed all the ACL
so is what i want to do actually possible ?
unixlogin emma logged into VT7
unixlogin andrew -> VT8
web page request from either -> squid requests login
if its emma & !testing -> access denied
if its emma & testing -> access allowed
switch to VT8 ( andrews desktop)
web page request -> squid re
Hi,
On Tue, Mar 25, paul cooper wrote:
> so is this login stored in the cache somewhere ?
> I need to flush the cache when i change user ?
squid caches the authentication results, I think the default is 2h.
Please have a look for the keywords in your default squid.conf:
"max_user_ip" and "crede
paul cooper wrote:
so is what i want to do actually possible ?
If I understand your intentions correctly yes it is:
http_access deny !Safe_ports
http_access emma weekends
http_access andrew
http_access deny
non-safe port access denied
emma only logging in on weekends, not accepted ot
On Tue, 2008-03-25 at 15:07 +, paul cooper wrote:
> so is what i want to do actually possible ?
>
> unixlogin emma logged into VT7
> unixlogin andrew -> VT8
>
> web page request from either -> squid requests login
For trusted stations you can make use of the ident service to tell Squid
whi
this is my config
hepworth squid # grep ^acl /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth
acl emma proxy_auth
acl QUERY urlpath_r
mån 2008-03-31 klockan 22:13 +0100 skrev paul cooper:
> this is my config
> hepworth squid # grep ^acl /etc/squid/squid.conf
> acl all src 0.0.0.0/0.0.0.0
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
>
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT met
Squidguard, as far as i know, still being updated, but there is no mailing
list for it. I use squidGuard and I like it. Squid ACLs might be fine for
you, it depends on what your needs are.
Do you want to filter out certain types of sites? Like gambling, auctions,
porn? Do you have a computer use p
Angela Burrell ha scritto:
Squidguard, as far as i know, still being updated, but there is no mailing
list for it. I use squidGuard and I like it. Squid ACLs might be fine for
you, it depends on what your needs are.
I was actually thinking to place the RegEx filters (with which I use to
filter ou
On Mon, 2004-07-12 at 10:59, Angela Burrell wrote:
> Squidguard, as far as i know, still being updated, but there is no mailing
> list for it.
There have been no formal updates since Dec 2001. There may be lots of
informal patches out there though.
List is very low volume. List and archives are a
for
the date it was last updated.
--Angela
-Original Message-
From: Boniforti Flavio [mailto:[EMAIL PROTECTED]
Sent: July 12, 2004 11:14 AM
To: Angela Burrell
Cc: squid users
Subject: Re: [squid-users] ACLs and squidGuard!?
Angela Burrell ha scritto:
> Squidguard, as far as i know, s
On Mon, 12 Jul 2004, Boniforti Flavio wrote:
> I was actually thinking to place the RegEx filters (with which I use to
> filter out multimedia/streaming content) in squid.conf, instead of using
> them with squidguard... What do you think of this? I mean: I actually
> should allow *some* people
On Tue, 13 Apr 2004, Santiago Montalvan wrote:
> I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2,
> 128MB of RAM, and a 15.7GB HD. That said I believe I can move on and
> address some of the questions I have.
>
> 1) I would like to change the error messages to show th
On 3/02/2012 7:41 a.m., Wladner Klimach wrote:
Hi everyone!
I need my squid to deal with some users in a different way. I'm
running kerberos authetication scheme, so only authenticated users can
access the cache. How could I make an ACL to group some authenticated
users in order to deny or allow
On Wednesday 28 May 2003 04.57, Josh Dixon wrote:
> I have a strange situation, where the acls are working as designed,
> and the http_access rules are denying and allowing as requested,
> but instead of displaying an error page to the browser, it prompts
> the user for their username & password.
Hi Henrik,
Thanks for your info. I just tried moving The http_access order around
a bit with no luck.
I've actually had this working correctly previously, and when a user is
authenticated, the error page is displayed, and the user is not asked
for authentication.
If the user cancels the authenti
[EMAIL PROTECTED] said:
>
> If I place my ACL definitions in a text file, and add URLs to the file
> during working hours,
> is it sufficient to just save the file for the new URLs to be allowed, or
> is it necessary to
> do something like rotating logs or restarting Squid?
sbin/squid -k reconfigu
On Sun, 20 Feb 2005 07:18 am, [EMAIL PROTECTED] wrote:
> If I place my ACL definitions in a text file, and add URLs to the file
> during working hours, is it sufficient to just save the file for the new
> URLs to be allowed, or is it necessary to do something like rotating logs
> or restarting Squi
On Tue, 22 Feb 2005, James Gray wrote:
Henrik: is there a major difference between sending a HUP signal or using "-k
reconfigure" ???
None really.
With -k you don't need to figure out which pid to send the signal to as
Squid does this for you..
Regards
Henrik
On Mon, 19 Jan 2004, Sylvester Manx wrote:
> 1. How can I design ACLs that allow users within
> these two groups to be recognized by squid and
You have two options
a) Define the groups explicitly by listing the user names in proxy_auth
acls, either directly in squid.conf or in an included fla
Correct, just when you need to restrict a particular IP, you need a
second ACL to match it, and stack the "http_access deny" line. ie:
acl denied_ip src 192.168.5.60
http_access deny denied1 denied_ip
FYI, Facebook added another domain recently, so you may want to add it.
I don't recall what it
On Wed, 13 Apr 2011 10:37:12 -0300, Soporte Técnico wrote:
Hi, i´m a basic (basic basic as gwbasic) configurator of squid, and I
need
to deny facebook to some users on my network.
I think
deny1.txt (content)
.facebook.com
.fbcdn.net
acl denied1 dstdomain “/usr/local/etc/squid/deny1.txt”
how
On 20/05/11 01:27, David Touzeau wrote:
Hi all...
I need help...
I would like to understand why squid refuse the SSL upload command using
'ldapauth'
here it is the debug events :
2011/05/19 12:39:17.931| httpParseInit: Request buffer is CONNECT
lennyleonard.wetransfer.com:443 HTTP/1.0
Host: len
> I've recently installed a Squid 2.6STABLE16 system in a country that
> requires all web browsing to go through a government-specified proxy
> server. The Government runs a non-transparent proxy setup that must be
> explicitly listed in the Squid configuration.
>
> That would normally be easy, as
Adam McCarthy escreveu:
After much fussing, I seem to have a working Squid 2.6 working against
a Samba 3 PDC.
My only question is now, can I say, ok, if you finds my username, give
it complete access.
Then perhaps, if it sees user, "bob" perhaps, then it says, only give
them windowsupdate.mic
On 19/02/2013 8:19 a.m., David Touzeau wrote:
Dear i need some clarifications about the "AND" operator in
http_access (or any other tokens using ACLs)
I cannot found where i'm missed...
I need to bann some websites except for some specified users.
i create 2 acls:
acl MyAllowedU proxy_auth
Dylan Palmboom wrote:
Hi
I have searched all over for an answer to this but could not find
anything...
Please could someone explain to me what the best practice is when it comes
to
blocking ip addresses in a dhcp environment. If I block an ip address with
eg.
acl BlockedHost src 192.168.1.15
h
On 2/12/2011 5:43 a.m., Greg Whynott wrote:
looking for guidance on creating delay pools, something I've never
done before and because its a production system, I'd like to minimize
my down time or the amount of time i'd be here if I have to come in on
the weekend to do it.
It looks like
56 matches
Mail list logo
