> Thanks for the info. I have made the changes and here is my new script.
> Let me explain what happens now.
>
> # NETWORK OPTIONS
> http_port 8085
> acl QUERY urlpath_regex cgi-bin \?
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> # OPTIONS WHICH AFFECT THE CACHE SIZE
> cache_mem 32 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 4096 KB
>
> # LOGFILE PATHNAMES AND CACHE DIRECTORIES
> cache_dir ufs c:/squid/var/cache 1000 16 256
> access_log c:/squid/var/logs/access.log squid
> cache_log c:/squid/var/logs/cache.log
> #cache_store_log c:/squid/var/logs/store.log
> debug_options ALL,1
>
> # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
> allow_underscore on
> dns_nameservers 192.168.2.3 192.168.2.1
> #auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
> #auth_param ntlm children 5
> auth_param negotiate program c:/squid/libexec/mswin_negotiate_auth.exe
> auth_param negotiate children 5
> #auth_param basic program c:/squid/libexec/mswin_auth.exe
> external_acl_type NT_global_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G -c
>
> # ACCESS CONTROL LISTS
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl SSL_ports port 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 87 # http required for Telstra Statistics website
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl our_networks src 192.168.0.0/16
> acl NoAuthDomains dstdomain "c:/squid/etc/domains/NoAuthDomains.txt"
> acl proxycustom2 external NT_global_group proxycustom2
> acl proxycustom1 external NT_global_group proxycustom1
> acl proxyfullaccess external NT_global_group proxyfullaccess
> acl password proxy_auth REQUIRED
> acl custom2domains dstdomain "c:/squid/etc/domains/custom2domains.txt"
> acl custom1domains dstdomain "c:/squid/etc/domains/custom1domains.txt"
> acl DeniedDomains dstdomain "c:/squid/etc/domains/DeniedDomains.txt"
> acl CONNECT method CONNECT
> acl FTP proto FTP
> always_direct allow FTP
>
> http_access allow manager localhost
> http_access deny manager
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access deny !our_networks
>
> http_access allow safe_ports NoAuthDomains
> http_access allow safe_ports proxycustom2 custom2domains password
> http_access allow safe_ports proxycustom1 custom1domains password
> http_access allow password proxyfullaccess
> http_access allow safe_ports !DeniedDomains password
> http_access deny all
>
> # MISCELLANEOUS
> logfile_rotate 10
> error_directory c:/squid/share/errors/English
>
> So the noauthdomains works. Websites that used to not work now work in
> that domain list.
> The proxyfullaccess group works. I added 2 users and they can access
> domains in the denieddomains group.
>
> Now I have added 2 more custom groups. These 2 groups both have a
> customdomains txt file associated. The txt file has a couple of domains
> that have been blocked in the denied domains list which I need to give
> them access to.
>
> But for some reason I have added the users to this group... restarted
> everything but they still get access denied when trying to go to those
> domains.
>
> Have I made any mistakes in the config? Do the ACLs need to be in a
> particular order or is it just the http_access that need to be?
>
> Thanks in advance for your help :)
>

I can't see why it would not work. The ACL flow looks correct.
I think you will need to raise 'debug_options ALL,1 29,6 28,6' and see
what's doing the denial.

Personally I'd rearrange the ACL a little to show what's happening a bit
better:

http_access deny !Safe_ports
...
http_access allow NoAuthDomains
http_access deny !password
http_access allow proxycustom2 custom2domains
http_access allow proxycustom1 custom1domains
http_access allow proxyfullaccess
http_access allow !DeniedDomains

Amos
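
The two rule orderings in this thread, run through a small first-match model to check that they reach the same decisions. This is an added example, not part of either message and not Squid code: the users, group memberships and domain lists are constructed, authentication is reduced to a boolean, the port and network rules are left out, and the rearranged list is assumed to still end in "deny all".

```python
# Simplified model: rule = (action, [ACLs]); "!" negates; all ACLs must match.
ORIGINAL = [
    ("allow", ["safe_ports", "NoAuthDomains"]),
    ("allow", ["safe_ports", "proxycustom2", "custom2domains", "password"]),
    ("allow", ["safe_ports", "proxycustom1", "custom1domains", "password"]),
    ("allow", ["password", "proxyfullaccess"]),
    ("allow", ["safe_ports", "!DeniedDomains", "password"]),
    ("deny", ["all"]),
]
REARRANGED = [
    ("allow", ["NoAuthDomains"]),
    ("deny", ["!password"]),
    ("allow", ["proxycustom2", "custom2domains"]),
    ("allow", ["proxycustom1", "custom1domains"]),
    ("allow", ["proxyfullaccess"]),
    ("allow", ["!DeniedDomains"]),
    ("deny", ["all"]),  # assumed closing rule; the reply's list ends before it
]
# Constructed stand-ins for the domain files and the Windows group lookups.
DOMAINS = {
    "NoAuthDomains": {"update.example"},
    "custom1domains": {"video.example"},
    "custom2domains": {"social.example"},
    "DeniedDomains": {"video.example", "social.example", "games.example"},
}
GROUPS = {"alice": {"proxycustom1"}, "bob": {"proxycustom2"},
          "carol": {"proxyfullaccess"}, "dave": set()}

def acl_matches(name, user, domain):
    if name in ("all", "safe_ports"):  # port rules are outside this model
        return True
    if name == "password":             # reduced to "a user has logged in"
        return user is not None
    if name in DOMAINS:
        return domain in DOMAINS[name]
    return name in GROUPS.get(user, set())  # external group ACLs

def decide(rules, user, domain):
    for number, (action, acls) in enumerate(rules, start=1):
        if all(acl_matches(a.lstrip("!"), user, domain) != a.startswith("!")
               for a in acls):
            return action, number      # first matching line decides
    return "deny", None

def disagreements():
    """(user, domain) pairs on which the two orderings give different answers."""
    domains = sorted(set().union(*DOMAINS.values()) | {"news.example"})
    return [(u, d) for u in [None, *GROUPS] for d in domains
            if decide(ORIGINAL, u, d)[0] != decide(REARRANGED, u, d)[0]]
```

decide() also returns the number of the line that matched, which is the same question the raised debug level is meant to answer on the real proxy.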