--_000_d450806e84f1439cb82e0fd071e6ec99hexcelcom_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"= > <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <style><!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:11.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {mso-style-priority:99; color:#954F72; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:"Calibri",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-family:"Calibri",sans-serif;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --></style><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72"> <div class=3D"WordSection1"> <p class=3D"MsoNormal">Hey Squid users, <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Running into an issue I’m trying to figure out= . <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">We have a few acl directives using “proxy_auth= _regex –i” and when I have these active, it blocks any proxy co= nnection with an HTTP 407 error, according to the logs. <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Here’s an example: <o:p></o:p></p> <p class=3D"MsoNormal"># block certain user IDs from using proxy server<o:p= ></o:p></p> <p class=3D"MsoNormal">#acl block_user proxy_auth_regex -i "/etc/squid= /block_user"<o:p></o:p></p> <p class=3D"MsoNormal">#http_access deny block_user<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">What’s supposed to happen with this ACL, is th= at any username we have on that list is to be blocked from internet access.= But it seems to be blocking known good usernames too. I’m not sure w= here to go from here, we would like to use these ACL’s but for right now I have these rules commented out. <o:p></o:p= ></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">Here's a few other rules we have that have the same = issue:<o:p></o:p></p> <p class=3D"MsoNormal"># executable blocking<o:p></o:p></p> <p class=3D"MsoNormal"># reference this list for extensions to block<o:p></= o:p></p> <p class=3D"MsoNormal">acl exec_files url_regex -i "/etc/squid/exec_fi= les"<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"># ignore these usernames from being blocked<o:p></o:= p></p> <p class=3D"MsoNormal">#acl exec_users proxy_auth_regex -i "/etc/squid= /exec_users"<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal"># combine the rules<o:p></o:p></p> <p class=3D"MsoNormal">#http_access deny !bad_exception_urls !exec_users ex= ec_files<o:p></o:p></p> <p class=3D"MsoNormal">#deny_info ERR_BLOCK_TYPE exec_files<o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> <p class=3D"MsoNormal">From what you can see above, we have “acl exec= _files url_regex -i /etc/squid/exec_files" uncommented, but it’s= not active because the “http_access directive” had to be comme= nted out because it includes the other statements that include “proxy_auth_regex –i” which block all internet access as= well. <o:p></o:p></p> <p class=3D"MsoNormal"><o:p> </o:p></p> </div> </body> </html> --_000_d450806e84f1439cb82e0fd071e6ec99hexcelcom_-- --===============8055676042498796774== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users --===============8055676042498796774==--
