On 27/10/17 20:22, Vieri wrote:
Hi, I have: debug_options rotate=1 ALL,1 and I'm getting lots of these messages in cache.log: NOTICE: Authentication not applicable on intercepted requests. I have a mixed tproxy/sslbump + auth (via /usr/libexec/squid/negotiate_kerberos_auth) config. I know authentication can't be done on intercepted requests. I'd like to know how to fix my squid conf file in order to avoid logging this message. The relevant parts of my squid.conf should be: external_acl_type nt_group ttl=0 children-max=50 %LOGIN /usr/libexec/squid/ext_wbinfo_group_acl -K auth_param negotiate program /usr/libexec/squid/negotiate_kerberos_auth -s HTTP/myserver.mydomain.org@xxxxxxxxxxxx auth_param negotiate children 60 auth_param negotiate keep_alive on auth_param basic realm My REALM proxy
You do not seem to be using Basic auth. Setting the realm for an unused auth mechanism is pointless.
acl localnet src 10.0.0.0/8 acl localnet src 192.168.0.0/16 acl ORG_all proxy_auth REQUIRED acl explicit myportname 3128 acl intercepted myportname 3129 acl interceptedssl myportname 3130 [...] acl allowed_groups external nt_group "/opt/proxy-settings/allowed.groups" [...] acl restricted_groups external nt_group "/opt/proxy-settings/restricted.groups" [...] http_access deny SSL_ports ORG_all http_access deny explicit !ORG_all #http_access deny intercepted ORG_all #http_access deny interceptedssl ORG_all http_access deny intercepted !localnet http_access deny interceptedssl !localnet
Try: http_access deny explicit !ORG_all http_access deny explicit SSL_ports http_access deny intercepted !localnet http_access deny interceptedssl !localnet Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
