On Mon, 1 Mar 2004, GG BB wrote: > But with this rule in, I get that all users, even if > they don't set their Browsers to use a Proxy, can surf > the WEB withouth being authenticated by Squid, but > passing through the Proxy anyway (in fact I can see > them on my Access.log file)
This is most likely due to the fact that you can not combine authentication and transparent interception. For proxy authentication to be used the browser MUST be configured to use a proxy. You should notice this by quite massive complaints in cache.log if there is a users who do not have their proxy settings in the browser. > ## HTTP_ ACCESS SETTINGS > > http_access deny to_localhost > http_access deny !mylan > http_access allow myPwd > http_access allow mylan > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny all The above should read http_access allow manager localhost http_access deny manager http_access deny !mylan http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow myPwd mylan http_access deny all For details on how http_access works see the Suqid FAQ chapter 10 Access Controls. <url:http://www.squid-cache.org/Doc/FAQ/FAQ-10.html> Regards Henrik