Search squid archive

Re: Need help in integrating squid and samba

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ons 2009-09-09 klockan 12:02 +0530 skrev Avinash Rao:

> http_access allow staffgroup
> http_access allow student staffgroup

The above is wrong.

The first directive allows everyone in staffgroup without restriction,
which means the second can not be reached. Squid uses the first
http_access line matching the request to determine if the request is
allowed or denied, any http_access rules following that is ignored.

> I am wondering if its really checking the NT group? I also tried using
> the squid_unix_group option, but the result was the same.

It most likely is, assuming you have no "proxy_auth REQUIRED" acl used
in parts of squid.conf not shown here.

> http_access deny extndeny
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> 
> 
> #http_access allow friends WORKING
> #http_access deny friends
> http_access deny abc
> http_access deny videos
> 
> http_access deny !AuthUsers

Ok.

> http_access allow staffgroup
> http_access allow student staffgroup

See above for why this is wrong. I guess the first of the two should
go..


> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost

There is a "deny purge" rule missing here.

And the whole block should be before your custom rules (i.e. first rules
in http_access).

> #http_access allow special_urls
> #http_access deny extndeny download
> http_access deny badurl
> #http_access deny malware_block_list
> #deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list

This deny need to go before where you allow access to be effective. But
maybe it is.. Not entirely obvious to me who should get denied and who
not.

> http_access allow localhost
> http_access allow lan
> http_access deny all

Ok.

Regards
Henrik




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux