Michael Gargiullo wrote:
I have a small squid proxy setup and running with basic
authentication. It works.
However, What I'd ultimately like to have is for three users to be
blocked from 6am until 5:30pm, while 2 users are not time restricted.
It appears to work, however if one of the three users that do not have
access during the day, tries to gain access, they are not presented
with a 'denied' page. They only continue to get the login prompt.
I'm new to squid. Am I missing something obvious?
squid.conf:
visible_hostname coral
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_user
auth_param basic children 5
auth_param basic realm Monitored Surfing
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl internal src 192.168.142.0/24
acl kids proxy_auth bob lisa marc
acl parents proxy_auth john mike
acl allu proxy_auth REQUIRED
acl schooltime time M T W H 06:00-17:30
http_access allow manager localhost
http_access deny manager
http_access allow parents
http_access deny schooltime kids
Change...
http_access deny schooltime kids
...to...
http_access deny kids schooltime
...as Squid allows a client to re-authenticate if the deny ends with a
proxy_auth acl.
http_access allow allu
http_access allow localhost
http_access deny all
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log common
logfile_rotate 9
log_fqdn on
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/spool/squid
--
Michael Gargiullo
Chief
East Windsor Township Rescue Squad, District 1
Chris