[squid-users] Authenication denies access to ports
Amos Jeffries
squid3 at treenet.co.nz
Wed Feb 25 00:21:08 UTC 2015
On 2015-02-24 19:25, zanettiza wrote:
> Hi Everyone, I've searched and searched but have not found an answer to my
> question. I'm running CentOS 7 and Squid 3.3.4. When I insert "http_access
> allow Safe_ports" AFTER "http_access allow authenticated_users" I have no
> access to ports listed under my Safe_ports ACL, however when I put it before
> then everything works just fine, obviously that is then ignoring
> authentication. Any thoughts on how I can overcome this? I have tried many
> different configurations but nothing really works. Thanks!
>
http://wiki.squid-cache.org/SquidFaq/OrderIsImportant
http://wiki.squid-cache.org/SquidFaq/SquidAcl
There is a very big difference between your two policies:

A)
  # allow unlimited access to all "safe" ports
  http_access allow Safe_ports
  # then authenticate access to unsafe ports
  http_access allow authenticated

B)
  # allow access to anywhere authenticated
  http_access allow authenticated
  # then allow access to safe ports if authentication fails
  http_access allow Safe_ports

versus the squid default security settings:

C)
  # prevent access to unsafe ports
  http_access deny !Safe_ports
  # prevent use of CONNECT tunnels by non-HTTPS
  http_access deny CONNECT !SSL_ports
  # then allow access (to safe ports and HTTPS) if authenticated
  http_access allow authenticated

Amos
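
The first-match evaluation behind policies A, B and C above, as an added example that is not part of the original message and is not Squid's own code. The port sets and sample requests are constructed, and the model reports only the final allow/deny outcome, treating a request without credentials as simply not matching the authenticated ACL.

```python
# Added illustration (not from the original message): first-match evaluation
# of the three http_access policies. Port sets and requests are constructed.
SAFE_PORTS = {21, 80, 443} | set(range(1025, 65536))  # assumed sample values
SSL_PORTS = {443}                                      # assumed sample value

# Assumption: "authenticated" matches only when credentials were accepted;
# Squid's 407 challenge/retry cycle is not modelled.
ACLS = {
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "authenticated": lambda r: r["user"] is not None,
}

POLICIES = {
    "A": "http_access allow Safe_ports\nhttp_access allow authenticated",
    "B": "http_access allow authenticated\nhttp_access allow Safe_ports",
    "C": "http_access deny !Safe_ports\n"
         "http_access deny CONNECT !SSL_ports\n"
         "http_access allow authenticated",
}

REQUESTS = {  # constructed sample requests
    "anon_web": {"method": "GET", "port": 80, "user": None},
    "anon_smtp": {"method": "GET", "port": 25, "user": None},
    "user_web": {"method": "GET", "port": 80, "user": "alice"},
    "user_smtp": {"method": "GET", "port": 25, "user": "alice"},
    "user_tunnel": {"method": "CONNECT", "port": 8443, "user": "alice"},
}

def decide(policy, request):
    """Return 'allow' or 'deny' using the first http_access line that matches."""
    last = None
    for line in policy.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        action, names = parts[1], parts[2:]
        last = action
        # ACLs on one line are ANDed; a leading "!" negates the ACL.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    # Nothing matched: the opposite of the last line's action applies.
    return "allow" if last == "deny" else "deny"

def matrix():
    """Decision for every constructed request under every policy."""
    return {p: {r: decide(text, req) for r, req in REQUESTS.items()}
            for p, text in POLICIES.items()}

if __name__ == "__main__":
    for name, row in matrix().items():
        print(name, row)
```

Under A and B the anonymous request to port 80, the authenticated request to port 25 and the CONNECT to port 8443 are all allowed; under C all three are denied and only the authenticated request to port 80 gets through.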