I would like non-authenticated users to be redirected to an internal site and have no 
access.  I would like users when they initially connect to be redirected to an internal 
web site.  Then they will authenticate with a link on the web site via radius and then 
surf.  
Squidguard redirects users to the internal site.  After the users authenticate they 
should be allowed to surf freely.
 

-----Original Message-----
From: Rick Matthews [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2003 10:00 PM
To: James Ambursley
Cc: [EMAIL PROTECTED] Org
Subject: RE: redirect authenticate and surf


James Ambursley writes:
> 
> Please help, I would like to have users authenticate, via radius 
> and redirect to a page.  Only authenticated users can surf freely.  
> All users are redirected to the page, then authenticate, then surf 
> freely.  

If I am interpreting correctly, the two important points from your
statements above are:

> users authenticate via radius
> Only authenticated users can surf freely.

Is that meant to be different from "Only authenticated users are
allowed access"?  Do you want to allow limited access to 
non-authenticated users?

What part do you want squidGuard to play in this?

Does your squid configuration authenticate properly without 
squidGuard? (comment out redirect_program)

> I have tried many combinations, and none work.  

I guess I need to better understand what you are trying to do.  Squid
can handle authentication and access control.  Get that part working
first before you factor squidGuard into the mix.

> My redirector is squidguard.  I have been able to redirect, but 
> users at the page are only able to surf to pages which I preset in 
> my list file.

That's exactly what you told squidGuard to do in squidGuard.conf:
- You haven't defined any source groups, so everyone is processed 
  under the default acl.
- The default acl is "pass test none".  This says to allow access
  to the test destination group, which you said includes 4 domains.
- If the incoming request is not for one of those 4 domains, you've
  told squidGuard to redirect anybody and everybody to:
  "http://10.190.1.86/?"

Please provide additional information so that we can help.

Rick





> _________________________________________________________
> My squid.conf is below:
> 
> http_port 80
> icp_port 80
> httpd_accel_host 10.190.1.86
> acl acceleratedHost dst 127.0.0.1/255.255.255.255
> httpd_accel_port 80
> httpd_accel_host 127.0.0.1
> udp_incoming_address 0.0.0.0
> udp_outgoing_address 255.255.255.255
> hierarchy_stoplist cgi-bin ?
> #acl QUERY urlpath_regex cgi-bin \?
> acl QUERY url_regex cgi-bin \?
> no_cache deny QUERY
> no_cache deny acceleratedHost
> #requests for localhost not going to peer
> always_direct allow acceleratedHost
> cache_dir ufs /usr/local/squidtest/var/cache 100 16 256
> cache_access_log /usr/local/squidtest/var/logs/access.log
> cache_log /usr/local/squidtest/var/logs/cache.log
> log_ip_on_direct on
> pid_filename /usr/local/squidtest/var/logs/squid.pid
> hosts_file /etc/hosts
> cache_effective_user squid
> cachemgr_passwd secret password
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern .               0       20%     4320
> negative_ttl 2 minutes
> emulate_httpd_log on
> #
> #USER ACCESS PART
> auth_param basic program /opt/squid/auth/bin/squid_rad_auth -c /opt/squid/auth/etc/squid_rad_auth.conf
> auth_param basic children 10
> #auth_param basic realm MY Squid proxy-caching server
> auth_param basic credentialsttl 1 minutes
> redirect_program /usr/local/squidguard/bin/squidGuard -c /usr/local/squidguard/squidguard.conf
> redirect_children 20
> #acl foo proxy_auth REQUIRED 
> #acl foo proxy_auth username
> #http_access allow foo
> #acl daytime time 08:00-17:00
> #authenticate_ttl 30 seconds
> #
> acl allowed_hosts src 10.190.1.0/255.255.255.0
> acl all src 0.0.0.0/0.0.0.0
> http_access allow allowed_hosts
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80          # http
> acl Safe_ports port 110         # pop3
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443 563     # https, snews
> acl Safe_ports port 25          # smtp
> #acl Safe_ports port 70         # gopher
> #acl Safe_ports port 210                # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> #acl Safe_ports port 591                # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> #http_access allow redirect_access 
> #http_access allow foo
> http_reply_access allow  Safe_ports
> icp_access allow  Safe_ports
> visible_hostname MYSQUID
> httpd_accel_single_host on
> httpd_accel_with_proxy on
> forwarded_for on
> log_icp_queries on
> error_directory /usr/local/squidtest/share/errors/English
> ie_refresh off
> #http_access allow bar
> http_access allow all
> http_access allow localhost
> http_access allow acceleratedHost
> #http_access allow acceleratedPort
> http_access allow Safe_ports
> http_access allow localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> _______________________________________________________________
> 
> my squidguard.conf is below
> 
> logdir /usr/local/squidguard/logs
> #dbhome /usr/local/squidguard/db
> dest test {
> domainlist /usr/local/squidguard/list
>  }
> 
> acl {
>      default {
> pass test none
>           redirect http://10.190.1.86/?
>              }
>      }
> 
> My allowed list:
> 
> more /usr/local/squidguard/list
> 
> excite.com
> winproxy.com
> buy.com
> imgfarm.com
> 
> 

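Added example (not code from the thread or from the Squid project): a simplified Python model of Squid's first-match http_access evaluation, run over access lines excerpted from the posted squid.conf and over a constructed variant that puts a proxy_auth rule first. The function names, the AUTH_FIRST variant, the test addresses and the user name are assumptions made for illustration; only src and proxy_auth ACLs are modelled.

```python
import ipaddress

# Access lines excerpted from the posted squid.conf (the auth acl is commented out).
POSTED = """
#acl foo proxy_auth REQUIRED
acl allowed_hosts src 10.190.1.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
http_access allow allowed_hosts
http_access allow all
"""
# Constructed variant (an assumption, not from the thread): auth rule first.
AUTH_FIRST = """
acl foo proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow foo
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, ip, user):
    """Simplified: only src and proxy_auth are modelled; other types never match."""
    kind, values = acls.get(name.lstrip("!"), (None, []))
    hit = kind == "proxy_auth" and user is not None
    if kind == "src":
        addr = ipaddress.ip_address(ip)
        hit = any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    return hit != name.startswith("!")

def decide(conf, ip, user=None):
    """Return (outcome, deciding rule). Rules are tried in order; first match wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        rule = "http_access %s %s" % (action, " ".join(names))
        for n in names:  # ACLs on one line are ANDed, left to right
            if acls.get(n.lstrip("!"), (None,))[0] == "proxy_auth" and user is None:
                return "challenge", rule  # no credentials yet: Squid answers 407
            if not matches(acls, n, ip, user):
                break
        else:
            return action, rule
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"
```

On the posted lines a client in 10.190.1.0/24 is allowed by the first rule without ever being asked for credentials; with the constructed variant the same client gets an authentication challenge until it supplies a user.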