On 5/12/2015 11:20 a.m., Marcio Demetrio Bacci wrote: > Hi Amos, > > Thanks for help me. > > Follow my whole squid.conf <snip> > acl manager proto cache_object I see you still have the old Squid-2 definition for "manager" ACL. If your Squid is not complaining about that, it means you are using a very old version and need to upgrade. The config should work, so I think you are hitting bugs in Squid. With Squid older than 3.4 it could be bug 2305 and the related nest of horrible auth code that used to exist in Squid. Please ensure you are using a Squid-3.4 or later. If the problem remains, you will have to try to isolate some situatino that always causes it. With that a ALL,9 debug log from Squid could help. Also, be aware that there is always the possibility of browser bugs being involved. Firefx 25-40 did not do NTLM properly, and Chrome 47 just had a major regression where it broke all NTLM to a proxy - similar but less high profile things have happened before with both of them, and old IE 0-8 can be randomly problems as they do their own undocumented things. <snip> > acl Safe_ports port 80 8080 21 443 563 70 210 280 488 591 777 3001 > 1025-65535 You don't have to add port 8080 or 3001 to that list. They are included in the 1025-65535 set. <snip> > acl connect_abertas maxconn 8 connect_abertas is unused. You should remove it. > acl grupo_admins external ad_group gg_admins > acl grupo_users external ad_group gg_users > acl extensoes_bloqueadas url_regex -i "/etc/squid3/acls/extensoes-proibidas" > acl sites_liberados url_regex -i "/etc/squid3/acls/sites-permitidos" > acl sites_bloqueados url_regex -i "/etc/squid3/acls/sites-proibidos" > acl palavras_bloqueadas url_regex -i "/etc/squid3/acls/palavras-proibidas" > acl autenticados proxy_auth REQUIRED > http_access deny !autenticados > http_access allow grupo_admins > http_access deny extensoes_bloqueadas > http_access allow sites_liberados > http_access deny sites_bloqueados > http_access deny palavras_bloqueadas > http_access allow grupo_users > http_access allow autenticados Only autenticados can get past the "deny !autenticados" at the top. So this "allow autenticados" will always match. The below lines do nothing useful. So you could replace the above "allow autenticados" with "allow all" and save some extra auth checking. > acl network_servers src 192.168.0.0/25 > acl Lan1 src 192.168.1.0/24 > acl lan2 src 192.168.2.0/23 > http_access allow network_servers > http_access allow lan1 > http_access allow lan2 > http_access deny all > error_directory /usr/share/squid3/errors/pt-br I hear Brazil is a multi-cultural country. You might want to seriously consider removing that line which forces all users and clients to read Portuguese (Brazi) language messages from the proxy. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
