Hello! Just for those who would like to have a: Squid with Ldap user auth on an eDirectory with an ecap (watch out ! It is not i-cap!) virus check and squidGuard for blacklisting. One think not working for me so far is the redirect to a virus info site if ecap/clamd did find a virus. By now the user is informed that the access was "denied" but not why. A thing i do not like with this setup right now. (still working on this!) The working squid.conf looks like this: ================================================================= cache_mgr xxx@xxxxxxx http_port IPADDRESSOFSERVER:3128 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT auth_param basic program /usr/lib64/squid/basic_ldap_auth -b o=XXXX -h IPOFEDIRSERVER -D cn=XXX,o=XXX -w PASSWORDOFUSER -f "(&(objectclass=User)(cn=%s))" auth_param basic children 5 auth_param basic realm WHATEVER-YOU-LIKE-TO-TELL-THE-USER auth_param basic credentialsttl 2 hours ecap_enable on loadable_modules /usr/local/lib/ecap_clamav_adapter.so ecap_service clamav_service_req reqmod_precache uri=ecap://e-cap.org/ecap/services/clamav?mode=REQMOD bypass=off ecap_service clamav_service_resp respmod_precache uri=ecap://e-cap.org/ecap/services/clamav?mode=RESPMOD bypass=on adaptation_access clamav_service_req allow all adaptation_access clamav_service_resp allow all acl ediruser proxy_auth REQUIRED http_access allow ediruser http_access deny all http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny all http_port 3128 coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf url_rewrite_children 15 url_rewrite_access allow all ====================================================================================================================== Thanks for all the help! Björn Träger: Klinikum Westmünsterland GmbH Jur. Sitz der Gesellschaft: Am Boltenhof 7, 46325 Borken Registergericht Coesfeld, HRB Nr. 4184 I Ust.-Id.Nr.: DE123762133 Geschäftsführer: Christoph Bröcker, Ludger Hellmann (Sprecher) Aufsichtsratsvorsitzender: Jürgen Büngeler Diese E-Mail enthält vertrauliche oder rechtlich geschützte Informationen. Wenn Sie nicht der beabsichtigte Empfänger sind, informieren Sie bitte sofort den Absender und löschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
