Hi All, I'm having some trouble getting the redirector_access directive to work correctly for me with SquidGuard. I'm using Squid2.5STABLE2 with Winbind/NTLM Group authentication (wb_ntlmauth, wb_group), but I have tried on STABLE3 also with no luck.
I have three global groups on my NT domain - staff, students, block Staff have unfiltered access Students are filtered through squidguard Users from both these groups can be added to the block group to disable their access for whatever reason The problem I am having is that when I add a user to the block group, it blocks as planned, but when I subsequently remove them, the redirector_access isn't working correctly. i.e. I add a 'Staff' member to 'block' and they lose access (correct), then I remove them from 'block' to re-instate access and then I find that the Staff member now gets passed through to the redirector rather than bypassing it. >From cache.log: 2003/06/24 10:02:41| redirectStart: 'http://www.traxxas.com/products/index.html' 2003/06/24 10:02:41| redirectHandleRead: {http://10.20.10.225/vw/denied.php?client=10.20.10.122&url=http://www.traxxa s.com/products/index.html 10.20.10.122/- domain\jturner GET} But the redirector doesn't even function correctly as this website (www.traxxas.com) is not in my whitelist. So most of the page loads and only some elements are blocked. If I restart Squid then the page is fully blocked, but forcing a refresh on my browser a couple of times will then half display the page again. As soon as I take out redirect_access (making everyone go through redirector) everything works as expected. I think the issue is probably with my ACL ordering, even though I have tried numerous combinations. I have verified that the user's group ACL's are being properly evaluated via cache.log, so it's not that. Below are the pertinent lines from squid.conf #Helper external_acl_type NTGroups ttl=10 negative_ttl=10 %LOGIN /usr/lib/squid/wb_group # ttl=10 for rapid testing #ACLS acl all src 0.0.0.0/0.0.0.0 acl FilteredUsers external NTGroups "/etc/squid/ntgroups-filtered" acl UnfilteredUsers external NTGroups "/etc/squid/ntgroups-unfiltered" acl BlockedUsers external NTGroups "/etc/squid/ntgroups-blocked" acl AuthorizedUsers proxy_auth REQUIRED redirector_access allow AuthorizedUsers FilteredUsers redirector_access deny AuthorizedUsers UnfilteredUsers http_access deny AuthorizedUsers BlockedUsers http_access allow AuthorizedUsers FilteredUsers http_access allow AuthorizedUsers UnfilteredUsers http_access deny all Any help would be appreciated. Thanks Regards Jay