<div dir="ltr"><div><div>I changed http_access allow users TO http_access deny !users in my squid.conf file, but dosen't solved my problem<br><br>http_port 3128<br><br>cache_mem 512 MB<br>cache_swap_low 80<br>cache_swap_high 90<br>maximum_object_size 512 MB<br>minimum_object_size 0 KB<br>maximum_object_size_in_memory 4096 KB<br>cache_replacement_policy heap LFUDA<br>memory_replacement_policy heap LFUDA<br>quick_abort_min -1 KB<br>detect_broken_pconn on<br>fqdncache_size 1024<br><br>### CACHE<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320<br><br>### LOGS<br>access_log /var/log/squid3/access.log<br>cache_log /var/log/squid3/cache.log<br><br>cache_dir aufs /var/spool/squid3 600 16 256<br><br>#Allow Acces<br>acl caixa dstdomain .<a href="http://caixa.gov.br">caixa.gov.br</a><br>cache deny caixa<br><br># NTLM <br>auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=EMPRESA<br>auth_param ntlm children 20<br>auth_param ntlm keep_alive off<br><br><br># BASIC<br>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic<br>auth_param basic children 5<br>auth_param basic realm Autenticacao Básica - Acesso Monitorado<br>auth_param basic credentialsttl 8 hours<br><br>/usr/lib/squid3/ext_wbinfo_group_acl <br>external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d<br><br>visible_hostname <a href="http://proxy.empresa.com">proxy.empresa.com</a><br><br>### ACLs<br>acl localhost src <a href="http://192.168.200.35/32">192.168.200.35/32</a><br>acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 88 # kerberos<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 389 # ldap<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 464 # kerberos password<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 563 # snews<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl Safe_ports port 1025-65535 # unregistered ports<br><br>acl purge method PURGE<br>acl CONNECT method CONNECT<br><br>http_access deny !Safe_ports<br>http_access deny CONNECT !SSL_ports<br>http_access allow manager localhost<br>http_access deny manager<br>http_access allow purge localhost<br>http_access deny purge<br><br>acl group_admins external ad_group gg_webadmins<br>acl group_managers external ad_group gg_webliberados <br>acl grupo_commons external ad_group domain%20users<br><br>### ALLOW UPDATE<br>acl updates url_regex -i "/etc/squid3/acls/updates"<br>http_access allow updates<br><br><br>### DENY EXTENSIONS<br>acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-denied"<br><br>### ALLOW SITES<br>acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow"<br>acl sites_denied url_regex -i "/etc/squid3/acls/sites-denied"<br><br>acl users proxy_auth REQUIRED<br>http_access deny !users<br><br>http_access allow group_admins<br>http_access deny extensions_denied<br>http_access allow sites_allows<br>http_access deny sites_denied <br><br>http_access allow group_manager<br><br># SquidGuard Rules<br>redirect_program /usr/bin/squidGuard<br>redirect_children 20<br>redirector_bypass on<br><br>http_access allow group_common<br><br>### LAN #####<br>acl lan-net src <a href="http://192.168.200.0/22">192.168.200.0/22</a> <br>acl wireless-net src <a href="http://192.168.210.0/22">192.168.210.0/22</a><br><br><br>http_access allow lan-net<br>http_access allow wireless-net<br><br>#negando o acesso para todos que nao estiverem nas regras anteriores<br>http_access deny all<br><br>### Errors<br>error_directory /usr/share/squid3/errors/en<br>coredump_dir /var/spool/squid3<br><br></div> Regards, <br><br></div>Márcio<br></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-08 18:22 GMT-03:00 Marcio Demetrio Bacci <span dir="ltr"><<a href="mailto:marciobacci@gmail.com" target="_blank">marciobacci@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>I have a problem with Squid 3 on Debian 8.2<br><br>When the users open your browsers, the squid asks the name and password. Until this moment is OK, but if the users inform only the password (field "name" not filled - in blank), the navigation is permitted.<br><br></div>The following is my squid.conf file:<br><br>http_port 3128<br>cache_mem 512 MB<br>cache_swap_low 80<br>cache_swap_high 90<br>maximum_object_size 512 MB<br>minimum_object_size 0 KB<br>maximum_object_size_in_memory 4096 KB<br>cache_replacement_policy heap LFUDA<br>memory_replacement_policy heap LFUDA<br>quick_abort_min -1 KB<br>detect_broken_pconn on<br>fqdncache_size 1024<br><br>### CACHE<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320<br><br>### LOGS<br>access_log /var/log/squid3/access.log<br>cache_log /var/log/squid3/cache.log<br><br>cache_dir aufs /var/spool/squid3 600 16 256<br><br>#Allow Acces<br>acl caixa dstdomain .<a href="http://caixa.gov.br" target="_blank">caixa.gov.br</a><br>cache deny caixa<br><br># NTLM <br>auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-<wbr>ntlmssp --domain=EMPRESA<br>auth_param ntlm children 20<br>auth_param ntlm keep_alive off<br><br><br># BASIC<br>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-<wbr>basic<br>auth_param basic children 5<br>auth_param basic realm Autenticacao Básica - Acesso Monitorado<br>auth_param basic credentialsttl 8 hours<br><br>/usr/lib/squid3/ext_wbinfo_<wbr>group_acl <br>external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_<wbr>group_acl -d<br><br>visible_hostname <a href="http://proxy.empresa.com" target="_blank">proxy.empresa.com</a><br><br>### ACLs<br>acl localhost src <a href="http://192.168.200.35/32" target="_blank">192.168.200.35/32</a><br>acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula<br>acl Safe_ports port 21 # ftp<br>acl Safe_ports port 70 # gopher<br>acl Safe_ports port 80 # http<br>acl Safe_ports port 88 # kerberos<br>acl Safe_ports port 210 # wais<br>acl Safe_ports port 280 # http-mgmt<br>acl Safe_ports port 389 # ldap<br>acl Safe_ports port 443 # https<br>acl Safe_ports port 464 # kerberos password<br>acl Safe_ports port 488 # gss-http<br>acl Safe_ports port 563 # snews<br>acl Safe_ports port 591 # filemaker<br>acl Safe_ports port 777 # multiling http<br>acl Safe_ports port 1025-65535 # unregistered ports<br><br>acl purge method PURGE<br>acl CONNECT method CONNECT<br><br>http_access deny !Safe_ports<br>http_access deny CONNECT !SSL_ports<br>http_access allow manager localhost<br>http_access deny manager<br>http_access allow purge localhost<br>http_access deny purge<br><br>acl group_admins external ad_group gg_webadmins<br>acl group_managers external ad_group gg_webliberados <br>acl grupo_commons external ad_group domain%20users<br><br>### ALLOW UPDATE<br>acl updates url_regex -i "/etc/squid3/acls/updates"<br>http_access allow updates<br><br><br>### DENY EXTENSIONS<br>acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-<wbr>denied"<br><br>### ALLOW SITES<br>acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow"<br>acl sites_denied url_regex -i "/etc/squid3/acls/sites-<wbr>denied"<br><br>acl users proxy_auth REQUIRED<br><br>http_access allow group_admins<br><br>http_access deny extensions-denied<br>http_access allow sites_allows<br>http_access deny sites_denied <br><br>http_access allow group_manager<br><br># SquidGuard Rules<br>redirect_program /usr/bin/squidGuard<br>redirect_children 20<br>redirector_bypass on<br><br>http_access allow group_common<br><br>http_access allow users<br><br>### LAN #####<br>acl lan-net src <a href="http://192.168.200.0/22" target="_blank">192.168.200.0/22</a> <br>acl wireless-net src <a href="http://192.168.210.0/22" target="_blank">192.168.210.0/22</a><br><br><br>http_access allow lan-net<br>http_access allow wireless-net<br><br>#negando o acesso para todos que nao estiverem nas regras anteriores<br>http_access deny all<br><br>### Errors<br>error_directory /usr/share/squid3/errors/en<br>coredump_dir /var/spool/squid3<br><br></div>Regards,<br><br></div>Márcio<br></div>
</blockquote></div><br></div>