On 2015-02-24 19:25, zanettiza wrote:
> Hi Everyone,
>
> I've searched and searched but have not found an answer to my question.
> I'm running CentOS 7 and Squid 3.3.4. When I insert "http_access allow
> Safe_ports" AFTER "http_access allow authenticated_users" I have no access
> to ports listed under my Safe_ports ACL, however when I put it before then
> everything works just fine, obviously that is then ignoring authentication.
>
> Any thoughts on how I can overcome this? I have tried many different
> configurations but nothing really works.
>
> Thanks!

http://wiki.squid-cache.org/SquidFaq/OrderIsImportant
http://wiki.squid-cache.org/SquidFaq/SquidAcl

There is a very big difference between your two policies:

A)
  # allow unlimited access to all "safe" ports
  http_access allow Safe_ports
  # then authenticate access to unsafe ports
  http_access allow authenticated

B)
  # allow access to anywhere authenticated
  http_access allow authenticated
  # then allow access to safe ports if authentication fails
  http_access allow Safe_ports

versus the Squid default security settings:

C)
  # prevent access to unsafe ports
  http_access deny !Safe_ports
  # prevent use of CONNECT tunnels by non-HTTPS
  http_access deny CONNECT !SSL_ports
  # then allow access (to safe ports and HTTPS) if authenticated
  http_access allow authenticated

Amos
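
The three orderings above run through a simplified first-match evaluator, as an added example that is not part of the original thread. The port lists mirror the stock squid.conf (the poster's own ACL definitions are not shown), the sample requests are constructed, and each ACL is modelled as a plain boolean, so Squid's 407 challenge behaviour is not represented.

```python
# Added example: simplified model of Squid's http_access evaluation.
# Assumption: every ACL is a plain boolean test on a constructed request;
# the 407 challenge that auth ACLs can trigger is not modelled.
SAFE_PORTS = {21, 70, 80, 210, 280, 443, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443}
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "authenticated": lambda r: r["user"] is not None,
}
# Rule lists taken from policies A, B and C in the reply.
POLICIES = {
    "A": ["allow Safe_ports", "allow authenticated"],
    "B": ["allow authenticated", "allow Safe_ports"],
    "C": ["deny !Safe_ports", "deny CONNECT !SSL_ports", "allow authenticated"],
}
# Constructed sample requests (user None = no valid credentials).
REQUESTS = {
    "anon GET :80": {"method": "GET", "port": 80, "user": None},
    "anon GET :25": {"method": "GET", "port": 25, "user": None},
    "user GET :25": {"method": "GET", "port": 25, "user": "alice"},
    "user CONNECT :8080": {"method": "CONNECT", "port": 8080, "user": "alice"},
    "user CONNECT :443": {"method": "CONNECT", "port": 443, "user": "alice"},
}

def acl_matches(token, req):
    """Evaluate one ACL name, honouring a leading '!' negation."""
    hit = ACLS[token.lstrip("!")](req)
    return not hit if token.startswith("!") else hit

def http_access(rules, req):
    """First rule whose ACLs all match decides; later rules are never read."""
    action = "allow"  # with no rules at all, Squid denies
    for rule in rules:
        action, *acls = rule.split()
        if all(acl_matches(a, req) for a in acls):
            return action
    # Nothing matched: the default is the opposite of the last rule's action.
    return "deny" if action == "allow" else "allow"

def decision_table():
    """Map each sample request to its allow/deny result under A, B and C."""
    return {name: {p: http_access(rules, req) for p, rules in POLICIES.items()}
            for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(f"{name:20}", row)
```

In this model A and B both let an authenticated user reach port 25 and open a CONNECT tunnel to port 8080, while C denies both because its deny rules are read before the allow.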