Scott Jarkoff wrote:
I have Squid setup so that it performs NTLM authentication from a
Windows 2003 Active Directory domain controller. It currently works
without issue, allowing only properly authenticated users web browsing
access and denying others.
What I would like to do is block certain accounts from web browsing.
When I implement such a block the users are presented with an
authentication dialog box, and then ultimately receive the proper deny
message in the browser. The problem is that I do not want them to be
prompted for valid credentials; they should be immediately denied
access.
Here is the appropriate areas of my configuration:
acl authenticated_users proxy_auth REQUIRED
acl denied_admin proxy_auth_regex -i "/etc/squid/denied_admin"
acl denied_users proxy_auth_regex -i "/etc/squid/denied_users"
http_access deny denied_users
http_access deny denied_admin
deny_info ERR_ACCESS_DENIED_ADMIN denied_admin
http_access allow authenticated_users
http_access allow localhost
http_access allow local_network
http_access deny all
Any ideas how I can get rid of the authentication dialog box that pops
up and just have the deny message issued immediately?
See http://www.squid-cache.org/mail-archive/squid-users/200603/0845.html
and http://www.squid-cache.org/mail-archive/squid-users/200603/0851.html
Chris
