Le 18/04/2024 à 18:42:57-0500, Grant Taylor a écrit
> On 4/18/24 2:46 PM, Albert Shih wrote:
> > So what I'm trying to do is to use ACL according to the user who makes
> > the ssh connection, I don't want «another» authentication.
>
> About the only thing that comes to mind is RFC 931 (?) ident
On 4/18/24 2:46 PM, Albert Shih wrote:
So what I'm trying to do is to use ACL according to the user who makes
the ssh connection, I don't want «another» authentication.
About the only thing that comes to mind is RFC 931 (?) ident (might be
okay on the same system) or something that matches the
Le 18/04/2024 à 18:13:41+0100, Francesco Chemolli a écrit
Hi,
> Sure, of course. It will work just as normal.
> The only type of ACLs that would need to be considered is source-based
Ok, thanks, but just to be sure, because re-reading myself I was not very clear
about my question.
So what I'm
Sure, of course. It will work just as normal.
The only type of ACLs that would need to be considered is source-based
On Thu, 18 Apr 2024 at 18:09, Albert Shih wrote:
> Hi everyone
>
> If a user uses an ssh tunnel to access squid like
>
> ssh -L 3128:squid_server:3128 ssh-portal
>
On 2/26/21 12:45 PM, Justin Michael Schwartzbeck wrote:
> For case 2 and 3, what you are saying is that the browser is requesting
> the DNS lookup first, correct?
Correct, but that does not really matter.
> Hence the need for a reverse DNS from
> squid, since squid does not know at that point
Thanks for your answers Alex.
For case 1, I understand that should not be a problem, since squid is the
one asking for DNS resolution.
For case 2 and 3, what you are saying is that the browser is requesting the
DNS lookup first, correct? Hence the need for a reverse DNS from squid,
since squid
On 2/26/21 7:35 AM, Justin Michael Schwartzbeck wrote:
>> Yes, many HTTPS transactions do not expose destination domain until it
>> is too late to decide whether to bump them, and reverse DNS lookups are
>> often unreliable.
> I wonder why this would be.
I suspect you assume that a forward DNS
On 2/25/21 2:07 PM, Justin Michael Schwartzbeck wrote:
> I have thus far used dstdomain acl for bypassing ssl bump on sites that
> we don't want to decrypt, like banking sites. It seems to work for some
> sites, but not for others.
Yes, many HTTPS transactions do not expose destination domain
] On Behalf
Of Amos Jeffries
Sent: Friday, November 07, 2014 4:29 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid ACL, SSL-BUMP and authentication questions
On 7/11/2014 8:35 p.m., squid-list wrote:
Hi, * **Access to google maps
On 7/11/2014 11:04 p.m., sq...@icshk.com wrote:
Hi Amos,
The configuration I posted last time still cannot accomplish the
tasks.
I said the task was not possible.
You are trying to decide whether to authenticate, based on details
that will not be
On 15/10/2013 3:48 p.m., James Shirley wrote:
Hi!
I'm trying to configure a squid acl to control what soap requests are
allowed to a backend web server..
Only I cannot see a configuration parameter directly specific to SOAP
(or XML) protocol. Or even a way to integrate the POST message content
On Wed, 30 Sep 2009 09:46:04 +0800, wangwen wangw...@126.com wrote:
Hi All.
I have my question about the use of “acl port ” in squid.conf.
Generally the proxy has the following three cases:
1. Standard proxy cache server: In order to realize this approach, We
must
indicate the Ip and
I got it, thanks for your replies.
- Original Message -
From: Amos Jeffries squ...@treenet.co.nz
To: wangwen wangw...@126.com
Cc: squid-users@squid-cache.org
Sent: Wednesday, September 30, 2009 10:29 AM
Subject: Re: [squid-users] Squid acl port
On Wed, 30 Sep 2009 09:46:04 +0800
CopyrightPhilly wrote:
hi,
I've been trying for hours to try and get this to work,
basically this is what I am wanting to do,
Deny if requested is not on allowed port
Allow local users accounts (got this working)
Allow if the requested url is *.mydomain.com
Deny if no the above
below what im
[mailto:[EMAIL PROTECTED]
Sent: Thursday, August 02, 2007 9:25 AM
To: Heaton, Tobias
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL Problem
Heaton, Tobias wrote:
Hello - I hope I'm writing to the correct place!
I have Squid running on RHAS4 and it has been running perfectly
Heaton, Tobias wrote:
Hello - I hope I'm writing to the correct place!
I have Squid running on RHAS4 and it has been running perfectly for some
time. I added some new ACLs and http_access protocols mirroring exactly
what existed. I then reconfigured the squid client and even restarted
the
To: Heaton, Tobias
Cc: Squid Users
Subject: Re: [squid-users] Squid ACL Problem
Post your DENIED log entries in access.log.
Most probably apple.com site is using other domains different than
apple.com. So, despite apple.com is allowed, those others are denied and
the page cannot be accessed
Post your DENIED log entries in access.log.
Most probably apple.com site is using other domains different than
apple.com. So, despite apple.com is allowed, those others are denied and
the page cannot be accessed.
Post your DENIED logs please.
Heaton, Tobias escreveu:
The
Heaton, Tobias escreveu:
No log entries are appearing from a network machine on the same subnet. The
only way I can generate an access.log entry is running the squidclient app w/
the URL:
squidclient http://www.apple.com
access.log:
247 127.0.0.1 TCP_MISS/200 10226 GET
It was a DNS zone problem that I've resolved. Thanks for all your help!
-Original Message-
From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 02, 2007 12:12 PM
To: Heaton, Tobias
Cc: Squid Users
Subject: Re: [squid-users] Squid ACL Problem
Heaton
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 06 July 2007 00:22
To: Christian Vallant
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL
Hello,
i need to solve following problem.
I have an ldap-server, which i use to authenticate
Hello,
i need to solve following problem.
I have an ldap-server, which i use to authenticate the user.
If the user is in the group, he has access to the group A. If the
authentications fails, he has access to the group B.
Can anyone tell me, how i can solve this problem.
I have already
[EMAIL PROTECTED] wrote:
Hello,
I would like to setup squid this way.
All client from internal network(172.16.0.0) could reach external server
15.14.13.12 on all port.
Many thanks.
acl clients src 172.16.0.0/16
acl server dst 15.14.13.12
http_access allow clients server
Proper placement
.nhs.uk
cache_peer_access 3.3.3.3 allow NHS
cache_peer_access 3.3.3.3 allow NWW
never_direct allow NWW
-Original Message-
From: Chris Robertson [mailto:[EMAIL PROTECTED]
Sent: 19 September 2006 19:56
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid ACL (Is this Possible
ons 2006-09-20 klockan 11:28 +0100 skrev Mehmet, Levent (Accenture):
Thanks
Please can you explain what this line means with its characters:
acl NWW dstdom_regex \.?nww\.
maybe a dot followed by nww followed by a dot, anywhere in the hostname
component of the requested URL.
Probably
Mehmet, Levent (Accenture) wrote:
All
I currently have a setup which sends different domains to different
Cache_peers. This has been working fine with the below config.:
cache_peer 1.1.1.1 parent 80 80 no-query
cache_peer 2.2.2.2 parent 80 80 no-query
cache_peer 3.3.3.3 parent 3128 3130
* Jason Bassett [EMAIL PROTECTED] wrote:
I am therefore looking for the easiest and most time effective method
of blocking rooms when required. Hostnames seemed to be the best way.
Any ideas on this issue?
Restricting access on a per-user basis can also be done... just install
an ident
Jason Bassett wrote:
Hello
I work in a secondary school with 5 IT suites each with 20-30
computers. I have created an acl for each room containing the
hostnames of the machines, for example, an acl called R32 for room 32
contains:
R32001
R32002
...
R32030
If I set this acl to deny, not
If you're on a domain (AD/NT) look at NTLM authentication. That in
combination with squidGuard (using net ads ldap searching) you can build
custom files of users for processing policies.
- Nick
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 14,
tis 2006-03-14 klockan 15:14 +0300 skrev [EMAIL PROTECTED]:
I have a LAN with DHCP, and sometimes the ip addresses change, worse
still i have many subnets.
how should i structure my acl's to involve as little administration as
possible.
Use authentication.
Regards
Henrik
* On 14/03/06 15:14 +0300, [EMAIL PROTECTED] wrote:
|
| I have a LAN with DHCP, and sometimes the ip addresses change, worse
| still i have many subnets.
| how should i structure my acl's to involve as little administration as
| possible.
|
| only a privileged few should access internet.
to have
squidGuard email offenders dynamically when they hit websites they
shouldn't have.
- Nick
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 14, 2006 7:24 AM
To: Nick Duda
Subject: RE: [squid-users] squid acl dhcp
thanks for your timely answer
On Tue, 15 Feb 2005, Yong Bong Fong wrote:
A bug in Squid allows users to bypass certain access controls by passing a
URL containing %00 which exploits the Squid decoding function.
See http://www.squid-cache.org/Advisories/SQUID-2004_1.txt for details of
this old vulnerability.
Does it mean that
-Original Message-
From: thomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 08, 2005 8:16 AM
To: squid-users@squid-cache.org
Subject: [squid-users] SQUID- ACL for different time frame for different
block of IP addresses.
Dear All
Requirement has arisen to provide access
Hi Thomas
I am not familiar too, but I write my acl-s different
I deny every traffic I don't want to have
the http_access allow Safe_ports ... allows everything I think
the restrictions would I write
acl time1 time 08:00-10:00
acl time2 time 10:00-12:00
http_access deny slot1_ip !time1
On Sun, Sep 12, 2004 at 12:57:16PM +0200, Marek Pawinski wrote:
I want to bypass my proxy server for a certain https url with a certain
port, i have tried with webmin with no luck. What would i put in
squid.conf to achieve this ?
What part of squid do you want to bypass? Obviously you cannot
deny1 wrote:
hello good morning
i am setting squid with the ncsa_auth plugin
here is my acls in squid.conf
Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports
--- deny1 [EMAIL PROTECTED] a écrit : hello good
morning
i am setting squid with the ncsa_auth plugin
here is my acls in squid.conf
Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localdomain src 192.168.0.0/255.255.255.0
acl
hello good morning
i am setting squid with the ncsa_auth plugin
What is your authentication program setting in squid.conf file?
Regards,
Muthukumar.
Who is Users?
see http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#configuring-proxy-auth
I have created /etc/squid/users and write my users and pass
after I add in my webmin's authentication plugin
/usr/lib/squid/ncsa_auth /etc/squid/usersUsers
A++
deny1 wrote:
Who is Users?
see
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#configuring-proxy-auth
I have created /etc/squid/users and write my users and pass
after I add in my webmin's authentication plugin
/usr/lib/squid/ncsa_auth /etc/squid/usersUsers
A++
But in your squid.conf isn'
after I add in my webmin's authentication plugin
/usr/lib/squid/ncsa_auth /etc/squid/usersUsers
Change the permission of the /etc/squid/usersUsers file to cache_effective_user
setting user permission.
You have to put a line
auth_param basic program /usr/lib/squid/ncsa_auth
But you do not 'tell' him the program authentication:
the line with :
authenticate_program /.../ncsa_auth file_with_users !!
ok I think it's a bad thing to use webmin with squid
I prefer now to add directly to squid.conf
so i try
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
I don't know if this will solve it but I have this rule at the end of my acl
(denies everything that doesn't match your rule)
http_access deny all
-Original Message-
From: Skarbet [mailto:[EMAIL PROTECTED]
Sent: Monday, May 17, 2004 8:36 AM
To: [EMAIL PROTECTED]
Subject: [squid-users]
Your first ACL allows full access from the local network (192.168.1.0/24); if
your users are in this range squid will never go further on the ACL check.
Move the first line to the end. So squid will process your deny first.
Regards,
Arno
On Mon, May 17, 2004 at 02:36:20PM +0200, Skarbet wrote:
i'm using squid2.4stable7 and trying to stop user from
downloading large file and access some server.this is
my ACL:
#My Access List
acl limit_conn src 192.168.1.0/24
acl 6conn maxconn 6
acl post method post
acl exe
On Fri, 19 Sep 2003, Payal Rathod wrote:
What if I have to allow from time 09:00-10:00 and 6:00-07:00 too with
lunchbreak?
I mean the users can access hotmail, yahoo in the above 3 hours only.
Then replace lunchbreak with the following
acl coffeebreak time 09:00-10:00
acl coffeebreak time
On Fri, Sep 19, 2003 at 02:14:49PM +0200, Henrik Nordstrom wrote:
On Fri, 19 Sep 2003, Payal Rathod wrote:
What if I have to allow from time 09:00-10:00 and 6:00-07:00 too with
lunchbreak?
I mean the users can access hotmail, yahoo in the above 3 hours only.
Then replace lunchbreak
Then replace lunchbreak with the following
acl coffeebreak time 09:00-10:00
acl coffeebreak time 13:00-14:00
acl coffeebreak time 18:00-19:00
Wowww! I thought that three acls by the same name might
create a problem.
No, all it does is combine them - just as if you did:
acl coffeebreak
On Fri, 19 Sep 2003, Payal Rathod wrote:
Wowww! I thought that three acls by the same name might create a
problem.
Not as long as you always stuff the same type of content into the acl.
For most ACLs you can list as many things as you want to match on the same
line, or on multiple lines.
The time acl is an exception that you can only list a single time
per
line, but you can still list multiple lines.
That I did not know - thanks for the correction.
Adam
I am at a loss to configure squid acl meeting the following
requirements.
There is a Squid FAQ on how acl and http_access logic works; read that
if you haven't already.
You'll need src, time, and dstdomain acls to get this to work, and
you'll need to order them in http_access properly. More
On Thu, 18 Sep 2003, Payal Rathod wrote:
Hi,
I am at a loss to configure squid acl meeting the following
requirements.
1. All clients must have internet access throughout the day.
acl my_network src 192.168.10.0/24 ...
[used below]
2. Clients 192.168.10.1, 192.168.10.2, 192.168.10.5
53 matches