On 1/03/25 03:54, Piana, Josh wrote:
> Hello,
>
> I am attempting to set up an ACL block list based on usernames from a
> Windows AD environment.
>
> When I have this added to my squid.conf file, all outbound connections
> stop working:
>
> acl block_user proxy_auth_regex -i "/etc/squid/block_user"
> http_access deny block_user
>
> I have also tried “!block_user”.

Was that "NOT MATCHING block_user" condition used with allow or deny action?
What prior or followup http_access lines are processed when that ACL
check results in "need login" due to lack of username value?

> As you can see, I have it set so if a Windows username is on the
> “block_user” list, Squid will deny internet access to that user.
>
> Unfortunately, this doesn’t work in practice. I have a working Kerberos
> back-end setup, handling authentication. What am I doing wrong with this
> setup?

1) The block_user ACL you have defined is a Regular Expression test
against the username, not a check of the exact username. So you need to
be very careful of the specific regex patterns you are using.
(If you want me to check validity, you can post to me directly here, do
not post the actual value to this public list).

2) The block_user ACL implicitly requires authentication to have been
performed before it can perform its check. Check your auth_param
settings, and any prior proxy_auth type ACLs that perform the login.

HTH
Amos
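
Added example, not part of the message above and not Squid code: a small check of what point 1 means in practice, showing which logins an unanchored block-list pattern also catches and how an escaped, anchored pattern narrows it to one user. The usernames, the EXAMPLE.COM realm and the helper names are constructed for illustration, and Python's re module stands in for the POSIX regex matching Squid performs.

```python
import re

def squid_regex_match(pattern, username):
    # Approximates proxy_auth_regex -i: an unanchored, case-insensitive
    # search anywhere in the authenticated username.
    return re.search(pattern, username, re.IGNORECASE) is not None

def exact_pattern(login):
    # Escape regex metacharacters and anchor both ends; the optional
    # group tolerates an @REALM suffix on the authenticated name.
    return "^" + re.escape(login) + "(@.*)?$"

def collateral(intended_login, pattern, usernames):
    # Users the pattern blocks other than the one it was written for.
    keep = re.compile(exact_pattern(intended_login), re.IGNORECASE)
    return [u for u in usernames
            if squid_regex_match(pattern, u) and not keep.search(u)]

def audit(entries, usernames):
    # entries maps the intended login to the pattern placed in the file.
    return {login: collateral(login, pat, usernames)
            for login, pat in entries.items()}

# Constructed sample data (assumption: names arrive as user@REALM).
USERS = [
    "ann@EXAMPLE.COM", "joanna@EXAMPLE.COM", "hannah@EXAMPLE.COM",
    "j.smith@EXAMPLE.COM", "jxsmith@EXAMPLE.COM", "aj.smith@EXAMPLE.COM",
]
# Block list written as if entries were exact usernames.
AS_WRITTEN = {"ann": "ann", "j.smith": "j.smith"}
# Same intent, one anchored and escaped pattern per login.
ANCHORED = {login: exact_pattern(login) for login in AS_WRITTEN}

if __name__ == "__main__":
    for label, entries in (("as written", AS_WRITTEN), ("anchored", ANCHORED)):
        for login, extra in audit(entries, USERS).items():
            print(f"{label:10} {entries[login]!r:22} also blocks: {extra}")
```
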