Truth Seeker wrote:
working. In the client side i tested with
a. ubuntu 9.04 box and with firefox 3.0, (here a java
window is prompting
for user/pass and once i given the req info, then it
says "Error Details"
in that Java window in dailyfx.com)
b. with win XP and firefox and IE (both just given
Error details)
Now what can i do? to get this site working with our
env
Does the above http_access come before or after the
http_access which
allows people to access when authenticated?
Well...
the following is an extract from my squid.conf
And squid reads it top-down....
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
### MY Rules begins here...
### Atuhentication
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
... performs authentication. Which was your problem with Java...
order is important!
#http_access allow AuthorizedUsers
external_acl_type unix_group %LOGIN /usr/lib/squid/wbinfo_group.pl
### ACL Declarations!!!
acl top_acl external unix_group topusers
acl itusers_acl external unix_group itusers
acl power_acl external unix_group power
acl dusers_acl external unix_group dusers
acl duplus_acl external unix_group dusersplus
acl liusers_acl external unix_group liusers
acl usersplus_acl external unix_group usersplus
acl users_acl external unix_group users
acl nauthy_acl external unix_group naughty
acl ultimate_acl external unix_group ultimate
### For Java on dailyfx.com
#acl dailyfx_acl dstdomain .netdania.com
#http_access allow dailyfx_acl CONNECT
### For JAVA
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl testnet src 192.168.7.0/24
acl testnet src 192.168.8.0/24
http_access allow testnet Java
### Blocking Proxy Sites
acl proxy_sites dstdomain "/etc/squid/include-files/proxy_sites.squid"
http_access allow ultimate_acl proxy_sites
http_access deny proxy_sites
deny_info ERR_PROXY_SITES proxy_sites
### Acl defining off time
acl off_time_1 time ASMTWH 12:00-14:30
### Off timing for Thursday
#acl thursday_off_time time H 11:00-16:00
### Exclusion Site for power
acl power_exclusion_acl url_regex "/etc/squid/include-files/power_sites.squid"
http_access allow power_acl power_exclusion_acl
### ACL for IT Groups for technical reasons
acl techie_acl url_regex "/etc/squid/include-files/technical_sites.squid"
http_access allow itusers_acl techie_acl
### Yahoo messenger for Vista users
#acl vista_ip src "/etc/squid/include-files/vista_ip.squid"
#acl yahoomsngr_acl dstdomain .yahoo.com
#http_access allow vista_ip yahoomsngr_acl
### Bypass Rules
acl bypass_ip src "/etc/squid/include-files/bypass_ip.squid"
http_access allow bypass_ip all
### Personal mail Access Policies (Yahoo/Gmail etc)
acl mail_sites dstdomain "/etc/squid/include-files/mail_sites.squid"
http_access allow mail_sites top_acl
http_access allow mail_sites itusers_acl
http_access allow mail_sites power_acl
http_access allow mail_sites ultimate_acl
http_access allow mail_sites duplus_acl
http_access allow mail_sites usersplus_acl
#http_access allow mail_sites thursday_off_time dusers_acl
http_access allow mail_sites off_time_1 dusers_acl
#http_access allow mail_sites thursday_off_time users_acl
http_access allow mail_sites off_time_1 users_acl
http_access deny mail_sites
deny_info ERR_MAIL_SITES mail_sites
### Instant Messaging Sites Access Policies (meebo.com, etc)
acl instant_msg_sites dstdomain "/etc/squid/include-files/instant_msg.squid"
http_access allow instant_msg_sites top_acl
http_access allow instant_msg_sites itusers_acl
http_access allow instant_msg_sites power_acl
http_access allow instant_msg_sites ultimate_acl
http_access allow instant_msg_sites duplus_acl
http_access allow instant_msg_sites usersplus_acl
http_access allow instant_msg_sites off_time_1 dusers_acl
http_access allow instant_msg_sites off_time_1 users_acl
http_access deny instant_msg_sites
deny_info ERR_INST_MSG_SITES instant_msg_sites
### Temporarily blocking suspicious sites
acl suspicious_sites dstdomain "/etc/squid/include-files/suspicious_sites.squid"
http_access allow ultimate_acl suspicious_sites
http_access allow top_acl suspicious_sites
http_access allow power_acl suspicious_sites
http_access deny suspicious_sites
deny_info ERR_SUSPICIOUS_SITES suspicious_sites
### Exclusion list for sites (from bad words regular expression)
acl exclusion_list url_regex "/etc/squid/include-files/exclusion_list.squid"
http_access allow ultimate_acl exclusion_list
http_access allow top_acl exclusion_list
http_access allow itusers_acl exclusion_list
http_access allow power_acl exclusion_list
http_access allow dusers_acl exclusion_list
http_access allow duplus_acl exclusion_list
http_access allow usersplus_acl exclusion_list
http_access allow users_acl exclusion_list
http_access deny exclusion_list
deny_info ERR_BAD_WORDS_BOTH exclusion_list
and so on...
### Allow Rules
http_access allow top_acl
http_access allow itusers_acl
http_access allow power_acl
http_access allow duplus_acl
http_access allow dusers_acl
http_access allow usersplus_acl
http_access allow users_acl
http_access allow ultimate_acl
http_access deny liusers_acl
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
