Search squid archive

Re: is there something like failed_authenciate_ttl, remember failed auth and don't aks for a certain time again...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Markus.Rietzler@xxxxxxxxxxxxxx wrote:
hello,

we use so called "tunnel sites" with our proxy configuration. that means, we have two types of users: 1) user with (full) internet access, 2) users which only allowed to access certain websites. for this we have setup an acl which lists domains that are free to access

	dstdomain	.some.site
	dstdomain	.free.site
	dstdomain	.foo.com

the problem comes up, when these sites include stuff from other sites. most of the time ads, statitics. etc. so we have not only have to list the sites but also list "all" other sites. eg.

	dstdomain	.some.site
	dstdomain	.ad.server
	dstdomain	analytics.google.com
	dstdomain	.ivwbox.de

this is quite annoying. both for us but also for our users. we use ntlm auth. when they access those "tunnel" sites it happens that the (basic ntlm) auth dialog coming up, as the user was authenticated but not allowed to access internet, so squid asks for a user/password which has internet access.

See http://www.squid-cache.org/mail-archive/squid-users/200305/1106.html for an explanation of what's happening and a solution.

It's alluded to in the authentication section of the Wiki (http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication#head-ca6c847dd2974a610ef8f6a0e44319cb325f92b4), but could probably be more prominent.

is there any chance to change this? when an ad banner is included from another site, squid can't really know that this is a "good" ad because it comes from a free tunnel website.
there is a authenticate_ttl which "caches" successfull authentications. is there a way to have also not successfull authentications to be cached/rememebered for a certain time? eg. ask for authentication, user hits cancel and squid won't ask for another authentication for the next hour or so...

is there any other way to solve this problem?

--
mit freundlichen Grüßen

Markus Rietzler - <rietzler_software/>
Rechenzentrum der Finanzverwaltung NRW

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux