R: [squid-users] Allowing links inside websites in whitelist

Hello, it seems that my problem was caused by the extra line:
> http_access deny utenti_tg24

Removing it resolved my problem, and the user can only go to the sites listed in the whitelist and nowhere else.
No further annoying auth request popups.

Now the conf looks like:
> acl tg24 url_regex "/etc/squid/whitelist_tg24"
> http_access allow utenti_tg24 tg24

And now it works like a charm... I just had to add a couple of urls on the whitelist to make it work properly.

Thanks

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Wednesday, 10 February 2010 12:19
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Allowing links inside websites in whitelist

CASALI COMPUTERS - Michele Brodoloni wrote:
> Hello,
> I'm using Squid Version 2.6.STABLE21 with squid_ldap_group auth helper for authenticating groups of users.
> 
> My problem is that some groups need to access certain sites only, but these sites contain links to other external content outside the whitelist, causing squid to pop up the annoying login box repeatedly. Is there a way to make squid follow (or deny) those links without annoying the user?
> I simply would like that auth is requested just once.. if the user is not allowed, just deny it without requesting authentication again?
> 

What do you mean "again"? To get auth popups means they are not 
authenticated at all yet. Were they already authenticated something must 
have gone badly.

Your config confirms that. Anybody visiting the whitelist gets through 
without authenticating at all.
The instant they go anywhere else they are verified for authentication 
and the blacklist tested.


To let people browse the web without auth popups is to remove auth 
completely, or to whitelist every site they need to visit. There seems 
to be something broken if the login box is popping up repeatedly.

You might try auto-blacklisting anything not whitelisted which is 
referred to from the whitelist sites.

Something like this just after the whitelist itself will prevent _any_ 
non-whitelisted link from a whitelisted page without involving auth:

   acl whiteRef referer_regex "/etc/squid/whitelist"
   http_access deny whiteRef

Be careful though. If you make that an auto-allow you enable anybody to 
access the proxy by sending an easily forged header to you.
You will also need to do something to let people click on actual wanted 
links on those whitelisted pages.


> Here's my configuration (squid.conf) snippet:
> 
> #################################################################################################
> auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=server,dc=local" -f "uid=%s" -h 127.0.0.1
> auth_param basic children 10
> auth_param basic realm "Server Proxy Server"
> auth_param basic credentialsttl 8 hours
> 
> external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -b "ou=Groups,dc=server,dc=local" -f "(&(memberUid=%u)(cn=%g)(objectClass=posixGroup))" -h 127.0.0.1 -d
> 
> acl utenti_tutti external ldap_group grp-proxy
> acl utenti_tg24  external ldap_group grp-tg24
> 
> acl retelocale src 192.0.0.0/255.255.255.0

acl retelocale src 192.0.0.0/24

> acl whitelist dstdom_regex "/etc/squid/whitelist"
> http_access allow retelocale whitelist
> 
> acl autenticati proxy_auth REQUIRED
> 
> acl blacklist dstdom_regex "/etc/squid/blacklist"
> http_access deny  utenti_tutti blacklist
> http_access allow utenti_tutti
> 
> acl tg24 url_regex "/etc/squid/whitelist_tg24"
> http_access allow utenti_tg24 tg24
> http_access deny utenti_tg24
> #################################################################################################
> 
> Thank you very much 


Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
   Current Beta Squid 3.1.0.16
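
An added example, not part of the original thread and not Squid's own code: a simplified Python model of how the `http_access` lines quoted above are evaluated, comparing the original rule set with the one left after the poster removed the last line. The list patterns, user names and hosts are constructed, and the rule that a deny line ending in a login-based ACL re-challenges the browser is an assumption of the model, chosen to match what the poster reported.

```python
import ipaddress
import re

# Constructed stand-ins for the list files and LDAP groups named in the thread.
LISTS = {
    "whitelist": ("host", [r"(^|\.)example\.org$"]),     # /etc/squid/whitelist
    "blacklist": ("host", [r"(^|\.)blocked\.example$"]),  # /etc/squid/blacklist
    "tg24": ("url", [r"^http://tg24\.example/"]),         # /etc/squid/whitelist_tg24
}
GROUPS = {"utenti_tutti": {"anna"}, "utenti_tg24": {"luca"}}
LOCAL_NET = ipaddress.ip_network("192.0.0.0/24")  # acl retelocale

class NeedLogin(Exception):
    """Raised when a login-based ACL is reached without credentials."""

def acl_matches(name, req):
    if name == "retelocale":
        return ipaddress.ip_address(req["src"]) in LOCAL_NET
    if name in GROUPS:  # external ldap_group ACLs depend on %LOGIN
        if req.get("user") is None:
            raise NeedLogin
        return req["user"] in GROUPS[name]
    field, patterns = LISTS[name]
    return any(re.search(p, req[field]) for p in patterns)

def http_access(rules, req):
    """First matching line wins; ACLs on a line are ANDed left to right."""
    for action, acls in rules:
        try:
            if all(acl_matches(a, req) for a in acls):
                if action == "allow":
                    return "ALLOW"
                # Assumption: a deny whose last ACL is login-based re-challenges.
                return "CHALLENGE" if acls[-1] in GROUPS else "DENY"
        except NeedLogin:
            return "CHALLENGE"
    # No line matched: the default is the opposite of the last line's action.
    return "DENY" if rules[-1][0] == "allow" else "ALLOW"

ORIGINAL = [
    ("allow", ["retelocale", "whitelist"]),
    ("deny", ["utenti_tutti", "blacklist"]),
    ("allow", ["utenti_tutti"]),
    ("allow", ["utenti_tg24", "tg24"]),
    ("deny", ["utenti_tg24"]),
]
FIXED = ORIGINAL[:-1]  # the poster removed "http_access deny utenti_tg24"
```

In this model a request from the local network to a whitelisted host is allowed with no login, any other anonymous request is challenged at the first group ACL, and a `grp-tg24` user following an off-whitelist link gets `CHALLENGE` under `ORIGINAL` but a plain `DENY` under `FIXED`.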



