Still have problems... I've tried in different ways and i'm unable to get it work... This is my config: # # Recommended minimum configuration: # ### cache manager cache_mgr cachemgr@xxxxxxxxxx visible_hostname Serv07.domain.com authenticate_ip_ttl 1 hour ### negotiate kerberos and ntlm authentication auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN --kerberos /usr/local/bin/squid_kerb_auth -s GSS_C_NO_NAME auth_param negotiate children 50 auth_param negotiate keep_alive off ### pure ntlm authentication auth_param ntlm program /usr/bin/ntlm_auth -d --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN auth_param ntlm children 50 auth_param ntlm keep_alive off ### provide basic authentication via ldap for clients not authenticated via kerberos/ntlm auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -v 3 -R -b "dc=domain,dc=local" -D squid@domain.local -W /etc/squid/ldappass.txt -d -f sAMAccountName=%s -h srv-dc1.domain.local auth_param basic children 50 #startup=0 idle=1 auth_param basic realm Proxy Domain ##auth_param basic credentialsttl 1 minute ##auth_param basic casesensitive off ### Kerb authorization #external_acl_type memberof ttl=30 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -d -g "%g" -D "DOMAIN.LOCAL" ### ldap authorisation external_acl_type memberof ttl=30 %LOGIN /usr/local/squid/libexec/ext_ldap_group_acl -v 3 -R -K -b "dc=domain,dc=local" -D squid@domain.local -W /etc/squid/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=SQUID,ou=OU Domain,dc=domain,dc=local))" -h srv-dc1.domain.local ### acl for proxy auth and ldap authorizations acl auth proxy_auth REQUIRED # aclname acltype typename activedirectorygroup acl InternetBloccato external memberof "/etc/squid/Internet_bloccato.txt" acl InternetCentralino external memberof "/etc/squid/Internet_centralino.txt" acl InternetLimitato external memberof "/etc/squid/Internet_limitato.txt" acl InternetLibero external memberof "/etc/squid/Internet_libero.txt" acl InternetVIP external memberof "/etc/squid/Internet_VIP.txt" acl consentiti_tutti dstdomain "/etc/squid/block/consentiti_tutti.txt" acl consentiti dstdomain "/etc/squid/block/consentiti.txt" acl nonconsentiti dstdomain "/etc/squid/block/nonconsentiti.txt" acl bypass dstdomain .sistri.it acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain redir.metaservices.microsoft.com acl windowsupdate dstdomain images.metaservices.microsoft.com acl windowsupdate dstdomain c.microsoft.com acl windowsupdate dstdomain www.download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate dstdomain crl.microsoft.com acl java_jvm browser Java/1.4 Java/1.5 Java/1.6 Java/1.7 Java/1.8 ## Disable ssl interception for dropbox.com and hotmail.com (and localhost) acl no_ssl_interception dstdomain .dropbox.com .hotmail.com .sistri.it .office365.com .officineciola.it .adobe.com .adobelogin.com ssl_bump none localhost ssl_bump none no_ssl_interception ## Add the rest of your ssl-bump rules below ## e.g ssl_bump server-first all ## etc ### squid defaults #acl manager proto cache_object #acl localhost src 127.0.0.1/32 ::1 #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl SSL_ports port 7071 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com http_access allow CONNECT wuCONNECT http_access allow windowsupdate http_access allow java_jvm http_access allow localhost # Permetti FTP acl ftp proto FTP acl ftp_port port 21 http_access allow ftp_port CONNECT http_access allow ftp # ACL per limiti utenti Internet_limitato acl giorni time T W H # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS ftp_epsv off # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # ### http_access rules http_access allow bypass always_direct allow bypass # allow unrestricted access to prioritysites http_access allow consentiti_tutti # enforce authentication, order of rules is important for authorization levels http_access deny !auth # prevent access to basic auth prompt for BlockedAccess users http_access deny InternetBloccato all # Permetto l'accesso VIP http_access allow InternetVIP auth http_access deny nonconsentiti http_access allow consentiti #http_access allow consentiti_tutti http_access deny InternetCentralino all http_access allow InternetLibero auth http_access deny giorni http_access allow InternetLimitato auth # DO NOT REMOVE THE FOLLOWING LINE http_access deny all # Definisco i limiti di banda #delay_pools 1 #delay_class 1 1 #delay_access 1 allow InternetLimitato InternetLibero InternetCentralino !CONNECT #delay_parameters 1 500000/500000 ### logging # don't log allowedsites, prioritysites, AnonymousAccess access_log /var/log/squid/access.log squid #!allowedsites !prioritysites !AnonymousAccess cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log cache_swap_log /var/log/squid/swap.log logfile_rotate 10 # Squid normally listens to port 3128 http_port 8080 # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # maximum_object_size 3000 KB #cache_effective_user squid #cache_effective_group squid Any ideas why i can't get it work? Thanks! -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-and-site-ryanair-com-tp4669105p4669201.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
