> working. In the client side i tested with > > a. ubuntu 9.04 box and with firefox 3.0, (here a java > window is prompting > > for user/pass and once i given the req info, then it > says "Error Details" > > in that Java window in dailyfx.com) > > > > b. with win XP and firefox and IE (both just given > Error details) > > > > Now what can i do? to get this site working with our > env > > Does the above http_access come before or after the > http_access which > allows people to access when authenticated? Well... the following is an extract from my squid.conf #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS ### MY Rules begins here... ### Atuhentication auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl AuthorizedUsers proxy_auth REQUIRED http_access deny !AuthorizedUsers #http_access allow AuthorizedUsers external_acl_type unix_group %LOGIN /usr/lib/squid/wbinfo_group.pl ### ACL Declarations!!! acl top_acl external unix_group topusers acl itusers_acl external unix_group itusers acl power_acl external unix_group power acl dusers_acl external unix_group dusers acl duplus_acl external unix_group dusersplus acl liusers_acl external unix_group liusers acl usersplus_acl external unix_group usersplus acl users_acl external unix_group users acl nauthy_acl external unix_group naughty acl ultimate_acl external unix_group ultimate ### For Java on dailyfx.com #acl dailyfx_acl dstdomain .netdania.com #http_access allow dailyfx_acl CONNECT ### For JAVA acl Java browser Java/1.4 Java/1.5 Java/1.6 acl testnet src 192.168.7.0/24 acl testnet src 192.168.8.0/24 http_access allow testnet Java ### Blocking Proxy Sites acl proxy_sites dstdomain "/etc/squid/include-files/proxy_sites.squid" http_access allow ultimate_acl proxy_sites http_access deny proxy_sites deny_info ERR_PROXY_SITES proxy_sites ### Acl defining off time acl off_time_1 time ASMTWH 12:00-14:30 ### Off timing for Thursday #acl thursday_off_time time H 11:00-16:00 ### Exclusion Site for power acl power_exclusion_acl url_regex "/etc/squid/include-files/power_sites.squid" http_access allow power_acl power_exclusion_acl ### ACL for IT Groups for technical reasons acl techie_acl url_regex "/etc/squid/include-files/technical_sites.squid" http_access allow itusers_acl techie_acl ### Yahoo messenger for Vista users #acl vista_ip src "/etc/squid/include-files/vista_ip.squid" #acl yahoomsngr_acl dstdomain .yahoo.com #http_access allow vista_ip yahoomsngr_acl ### Bypass Rules acl bypass_ip src "/etc/squid/include-files/bypass_ip.squid" http_access allow bypass_ip all ### Personal mail Access Policies (Yahoo/Gmail etc) acl mail_sites dstdomain "/etc/squid/include-files/mail_sites.squid" http_access allow mail_sites top_acl http_access allow mail_sites itusers_acl http_access allow mail_sites power_acl http_access allow mail_sites ultimate_acl http_access allow mail_sites duplus_acl http_access allow mail_sites usersplus_acl #http_access allow mail_sites thursday_off_time dusers_acl http_access allow mail_sites off_time_1 dusers_acl #http_access allow mail_sites thursday_off_time users_acl http_access allow mail_sites off_time_1 users_acl http_access deny mail_sites deny_info ERR_MAIL_SITES mail_sites ### Instant Messaging Sites Access Policies (meebo.com, etc) acl instant_msg_sites dstdomain "/etc/squid/include-files/instant_msg.squid" http_access allow instant_msg_sites top_acl http_access allow instant_msg_sites itusers_acl http_access allow instant_msg_sites power_acl http_access allow instant_msg_sites ultimate_acl http_access allow instant_msg_sites duplus_acl http_access allow instant_msg_sites usersplus_acl http_access allow instant_msg_sites off_time_1 dusers_acl http_access allow instant_msg_sites off_time_1 users_acl http_access deny instant_msg_sites deny_info ERR_INST_MSG_SITES instant_msg_sites ### Temporarily blocking suspicious sites acl suspicious_sites dstdomain "/etc/squid/include-files/suspicious_sites.squid" http_access allow ultimate_acl suspicious_sites http_access allow top_acl suspicious_sites http_access allow power_acl suspicious_sites http_access deny suspicious_sites deny_info ERR_SUSPICIOUS_SITES suspicious_sites ### Exclusion list for sites (from bad words regular expression) acl exclusion_list url_regex "/etc/squid/include-files/exclusion_list.squid" http_access allow ultimate_acl exclusion_list http_access allow top_acl exclusion_list http_access allow itusers_acl exclusion_list http_access allow power_acl exclusion_list http_access allow dusers_acl exclusion_list http_access allow duplus_acl exclusion_list http_access allow usersplus_acl exclusion_list http_access allow users_acl exclusion_list http_access deny exclusion_list deny_info ERR_BAD_WORDS_BOTH exclusion_list and so on... ### Allow Rules http_access allow top_acl http_access allow itusers_acl http_access allow power_acl http_access allow duplus_acl http_access allow dusers_acl http_access allow usersplus_acl http_access allow users_acl http_access allow ultimate_acl http_access deny liusers_acl