Search squid archive

Fwd: The user/password pair is correct, yet squid keeps sending me TCP_DENIED/407

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I just realized gmail was using the wrong reply address. Sorry about that.

>  > acl GRP2 external ADGroup CN=UsuariosInternet,OU=UsersOU,DC=example,DC=com
>  > acl GRP3 external ADGroup CN=GRP3,OU=UsersOU,DC=example,DC=com
>  > acl GRP4 external ADGroup CN=GRP4,OU=UsersOU,DC=example,DC=com
>
> All these group checks will trigger re-authenticate if the user is not a
> member of the group(s) being checked - in case a different login would work.
>
> This issue is where the "all hack" comes from.  Put "all" at the end of
> the deny lines which need to end with a group check. Or where possible
> rearrange the ACL checks to put some other ACL type after the group check.
>
>
> For example:  ...
>
>  > http_access deny !GRP3 !GRP2 !GRP4
>
> ... here:
>
>    http_access deny !GRP3 !GRP2 !GRP4 all
>
>
>  > http_access deny !InternalSites GRP3 !GRP2
>
> ... here:
>    http_access deny GRP3 !GRP2 !InternalSites
>
>
>  > http_access allow SocialNetworks GRP4
>
> ... here:
>    http_access allow GRP4 SocialNetworks

holly ..., that is a tricky detail!!!!

I just read https://wiki.squid-cache.org/action/show/Features/Authentication.

The squid team should put some warning on the config file or something
to bring this detail to prominence.

THANK YOU VERY MUCH!!!!

>
>  > http_access deny SocialNetworks
>  > acl BlackListedDomains1 dstdomain -n
>  > '/etc/squid/Sites/Forbidden/BlackListedDomains1'
>  > http_access deny BlackListedDomains1
>  > acl BlackListedDomains2 dstdomain -n
>  > '/etc/squid/Sites/Forbidden/BlackListedDomains2'
>  > http_access deny BlackListedDomains2
>  > acl BlackListedDomains3 dstdomain -n
>  > '/etc/squid/Sites/Forbidden/BlackListedDomains3'
>  > http_access deny BlackListedDomains3
>  > acl BlackListedDomains4 dstdomain -n
>  > '/etc/squid/Sites/Forbidden/BlackListedDomains4'
>  > http_access deny BlackListedDomains4
>
> Any particular reason for some many different blacklists?
>
> It is a faster check and simpler config file to either have one
> blacklist file, or to load all the files as one ACL name.

Easy maintenance. I want to know/remember why I blacklisted some
specific domain. Keep in mind I "anonymised" the config file before
posting, so the generic names, the example.com domain, etc.

>  > acl REBlackListedDomains1 dstdom_regex -i
>  > '/etc/squid/Sites/Forbidden/REBlackListedDomains1'
>  > http_access deny REBlackListedDomains1
>  > acl REBlackListedDomains2 dstdom_regex -i
>  > '/etc/squid/Sites/Forbidden/REBlackListedDomains2'
>  > http_access deny REBlackListedDomains2
>  > acl REBlackListedDomains3 dstdom_regex -i
>  > '/etc/squid/Sites/Forbidden/REBlackListedDomains3'
>  > http_access deny REBlackListedDomains3
>
> Same for the regex blacklists.
>

Same for the regex blacklists. ;-)

>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux