On 27/10/17 20:22, Vieri wrote:
Hi,
I have:
debug_options rotate=1 ALL,1
and I'm getting lots of these messages in cache.log:
NOTICE: Authentication not applicable on intercepted requests.
I have a mixed tproxy/sslbump + auth (via
/usr/libexec/squid/negotiate_kerberos_auth) config. I know authentication can't
be done on intercepted requests.
I'd like to know how to fix my squid conf file in order to avoid logging this
message.
The relevant parts of my squid.conf should be:
external_acl_type nt_group ttl=0 children-max=50 %LOGIN
/usr/libexec/squid/ext_wbinfo_group_acl -K
auth_param negotiate program /usr/libexec/squid/negotiate_kerberos_auth -s
HTTP/myserver.mydomain....@mydomain.org
auth_param negotiate children 60
auth_param negotiate keep_alive on
auth_param basic realm My REALM proxy
You do not seem to be using Basic auth. Setting the realm for an unused
auth mechanism is pointless.
acl localnet src 10.0.0.0/8
acl localnet src 192.168.0.0/16
acl ORG_all proxy_auth REQUIRED
acl explicit myportname 3128
acl intercepted myportname 3129
acl interceptedssl myportname 3130
[...]
acl allowed_groups external nt_group "/opt/proxy-settings/allowed.groups"
[...]
acl restricted_groups external nt_group "/opt/proxy-settings/restricted.groups"
[...]
http_access deny SSL_ports ORG_all
http_access deny explicit !ORG_all
#http_access deny intercepted ORG_all
#http_access deny interceptedssl ORG_all
http_access deny intercepted !localnet
http_access deny interceptedssl !localnet
Try:
http_access deny explicit !ORG_all
http_access deny explicit SSL_ports
http_access deny intercepted !localnet
http_access deny interceptedssl !localnet
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
