Truth Seeker schrieb:
-
http_access deny !AuthorizedUsers
... performs authentication. Which was your problem
with
Java...
order is important!
So does it mean, i need to put them as the following;
### For JAVA
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl testnet src 192.168.7.0/24
acl testnet src 192.168.8.0/24
http_access allow testnet Java
http_access deny !AuthorizedUsers
Yes when i modified as the above, its working fine....
Now another doubt. will this solve the issues related to all the java sites?
Hi there,
i have actually also the problem that java-applications are in no way
able to get a working connect to the internet, but this workaround with
the example of http://www.dailyfx.com/ doesn't work for me in any case....
My test-user matches the acl "gruppe_vollzugriff" - i'm using
2.7.STABLE3-4.1 on Debian Lenny with squidguard 1.4. I also use NTLM
auth against a AD.
If I do it in this way:
acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
acl gruppe_test external wbinfo_group Proxygruppe-test
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl localnet src 172.1.0.0/19
...
http_access allow localnet Java
http_access allow gruppe_azubis erlaubte_seiten_azubis
http_access allow gruppe_standarduser
http_access allow gruppe_test
http_access allow gruppe_vollzugriff
http_access deny all
I get in access.log the following:
1268863619.997 13 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.008 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.022 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
1268863620.034 3 172.1.0.128 TCP_MISS/404 0 CONNECT http:443 -
DIRECT/- -
If i modify the order of the http_access line in this way:
acl gruppe_standarduser external wbinfo_group Proxygruppe-Standarduser
acl gruppe_vollzugriff external wbinfo_group Proxygruppe-Vollzugriff
acl gruppe_azubis external wbinfo_group Proxygruppe-Azubis
acl gruppe_test external wbinfo_group Proxygruppe-test
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl localnet src 172.1.0.0/19
...
http_access allow gruppe_azubis erlaubte_seiten_azubis
http_access allow gruppe_standarduser
http_access allow gruppe_test
http_access allow gruppe_vollzugriff
http_access allow localnet Java
http_access deny all
I get the following output in the log:
1268864049.866 8 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.900 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.914 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.927 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.940 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.965 15 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.979 4 172.1.0.128 TCP_DENIED/407 1867 CONNECT
balancer.netdania.com:443 - NONE/- text/html
1268864049.989 6 172.1.0.128 TCP_DENIED/407 1841 CONNECT
balancer.netdania.com:443 - NONE/- text/html
As I described, java isn't able to get a working connect to the
internet. What's wrong in my case? I would be glad if you have a hint
for me....
thanks & best regards
Thomas
