Hi List! I'm actually working with squid-2.5.STABLE3 installed on a Slackware 7.2
this box acts as a Gateway, Firewall and VPN(FreeSWAN) so I've set up my own private LAN and users It's all working fine now, Squid, Firewall, and so on, I just need that all users on the private LAN -MUST- go through the Squid-Firewall Box to surf the WEB.. at the moment I've added the Transparent Proxy iptables rule on my Firewall settings, through which all traffic passing through port 80 is then redirected to my Squid-Firewall box, on port 3128. -- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 -- But with this rule in, I get that all users, even if they don't set their Browsers to use a Proxy, can surf the WEB withouth being authenticated by Squid, but passing through the Proxy anyway (in fact I can see them on my Access.log file) what I wish to do is to set the Squid or Firewall settings to impose a Squid Authentication even if my users don't set their Browsers to use a Proxy, so USER1 Browser-configured --> Authentication = Allowed USER2 NoBrowser-configured --> Authentication or ERROR You are not allowed to ... I hope I've been clear enough ,if not, please ask for more information .. here are my Squid settings: ## GENERIC SETTINGS httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on emulate_httpd_log on auth_param basic program /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 ## ACLs acl myPwd proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl mylan src 10.4.4.4/24 acl manager proto cache_object acl localhost src 192.168.1.80 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT ## HTTP_ ACCESS SETTINGS http_access deny to_localhost http_access deny !mylan http_access allow myPwd http_access allow mylan http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all Thanks !! ______________________________________________________________________ Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam http://it.yahoo.com/mail_it/foot/?http://it.mail.yahoo.com/