
Re: negative ACL


 



On 7/19/2012 10:47 PM, Rick Chisholm wrote:
I have an NTLM auth proxy, but a number of apps do not seem to be smart
enough to pass credentials and this generates numerous squid
authentication pop-ups for users. I'm trying to eliminate this.

I was thinking of creating a browser ACL with entries that will cover the
browsers in use on the network and then try to use a NOT operator like

http_access allow !known_browsers

before the auth required setting.

thoughts?


This is a very, very bad exploit, so I wouldn't ever consider it.
It means that every user who changes the browser ID (Firefox -> about:config -> change variable -> done)
can use your proxy.
If you do such a thing, at the very least use
http_access allow localnet !known_browsers

I would suggest analyzing these apps.
Most of the time they use specific domains that you can allow without any NTLM auth.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
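
The domain analysis suggested in the reply above, as an added example that is not part of the original thread: it scans a Squid access.log for destinations that only ever draw 407 challenges and renders dstdomain rules for them. It assumes Squid's native log format; the sample lines, host names, the `noauth_dst` ACL name and the `min_denied` threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1342730001.100 1 192.168.1.10 TCP_DENIED/407 3985 GET http://updates.app.example/check - NONE/- text/html
1342730002.200 1 192.168.1.11 TCP_DENIED/407 3985 CONNECT sync.app.example:443 - NONE/- text/html
1342730003.300 1 192.168.1.10 TCP_DENIED/407 3985 GET http://updates.app.example/pkg - NONE/- text/html
1342730004.400 1 192.168.1.12 TCP_DENIED/407 3985 GET http://www.example.org/ - NONE/- text/html
1342730004.900 85 192.168.1.12 TCP_MISS/200 5120 GET http://www.example.org/ alice DIRECT/203.0.113.5 text/html
1342730005.500 1 192.168.1.11 TCP_DENIED/407 3985 CONNECT sync.app.example:443 - NONE/- text/html
"""

def dest_host(method, url):
    """Return the lower-cased destination host of a logged request."""
    if method == "CONNECT":              # CONNECT is logged as host:port
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def noauth_candidates(log_text, min_denied=2):
    """Hosts that drew >= min_denied 407s and never one authenticated request."""
    denied, authed = defaultdict(int), set()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue                      # skip truncated or malformed lines
        status, method, url, user = f[3], f[5], f[6], f[7]
        host = dest_host(method, url)
        if not host:
            continue
        if user != "-":
            authed.add(host)              # some client completed auth for this host
        elif status.endswith("/407"):
            denied[host] += 1
    return sorted(h for h, n in denied.items() if n >= min_denied and h not in authed)

def squid_rules(hosts, acl="noauth_dst"):
    """Render squid.conf lines; they belong above the auth-required http_access rule."""
    lines = [f"acl {acl} dstdomain {h}" for h in hosts]
    return lines + [f"http_access allow localnet {acl}"] if hosts else []

if __name__ == "__main__":
    print("\n".join(squid_rules(noauth_candidates(SAMPLE_LOG))))
```

Review each candidate host before allowing it: the rule removes authentication for that destination for every client in `localnet`, so it should cover only the application's own update or sync endpoints.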

