[squid-users] Authentication Passthrough Failing
Curtis.M
curtism at connect-up.co.uk
Thu Feb 26 18:38:13 UTC 2015
Hi all,
I have squid 2.7 set up on a Win2012R2 DC used for caching purposes. The main
use is for caching Apple iOS updates but is also starting to be used for
general web browsing.
The issue I have is there is a web filtering system being used in this
environment that relies on AD usernames to filter web traffic. When clients
are configured with squid, they are essentially unfiltered. The reason is that
the box squid runs off is excluded from filtering and it seems all clients
using the configured proxy receive the same level of filtering as the host
squid is running from.
I have already researched this and found that I may need to use Connection
Pinning but when the line "connection-auth=on" is added to the conf, squid
refuses to start.
(Full error below)
So my questions are:
Am I right in trying to use Connection Pinning to resolve this issue?
Am I missing code needed from the conf I mentioned?
Thanks for reading and I hope you can help!
Kind Regards,
Curtis.
Squid.conf
-----------------------------------------------------------------------------------------------------------------------
http_port 3128 connection-auth=on
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
hierarchy_stoplist cgi-bin ?
maximum_object_size 3072000000 bytes
cache_dir aufs C:\squid\var\cache 256000 128 256 max-size=2048000000
access_log c:/squid/var/logs/access.log squid
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
refresh_pattern -i appldnld\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate
refresh_pattern -i phobos\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir c:/squid/var/cache
-----------------------------------------------------------------------------------------------------------------------
Full Error:
FATAL: Bungled squid.conf line 1: http_port 3128 connection-auth=on
Squid Cache (Version 2.7.STABLE8): Terminated abnormally.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-Passthrough-Failing-tp4670095.html
Sent from the Squid - Users mailing list archive at Nabble.com.