[squid-users] Problem with the Squid 3
Marcio Demetrio Bacci
marciobacci at gmail.com
Mon Aug 8 21:22:23 UTC 2016
I have a problem with Squid 3 on Debian 8.2
When the users open your browsers, the squid asks the name and password.
Until this moment is OK, but if the users inform only the password (field
"name" not filled - in blank), the navigation is permitted.
The following is my squid.conf file:
http_port 3128
cache_mem 512 MB
cache_swap_low 80
cache_swap_high 90
maximum_object_size 512 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 4096 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
quick_abort_min -1 KB
detect_broken_pconn on
fqdncache_size 1024
### CACHE
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
### LOGS
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_dir aufs /var/spool/squid3 600 16 256
#Allow Acces
acl caixa dstdomain .caixa.gov.br
cache deny caixa
# NTLM
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --domain=EMPRESA
auth_param ntlm children 20
auth_param ntlm keep_alive off
# BASIC
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Autenticacao Básica - Acesso Monitorado
auth_param basic credentialsttl 8 hours
/usr/lib/squid3/ext_wbinfo_group_acl
external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d
visible_hostname proxy.empresa.com
### ACLs
acl localhost src 192.168.200.35/32
acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 88 # kerberos
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 389 # ldap
acl Safe_ports port 443 # https
acl Safe_ports port 464 # kerberos password
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # snews
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1025-65535 # unregistered ports
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
acl group_admins external ad_group gg_webadmins
acl group_managers external ad_group gg_webliberados
acl grupo_commons external ad_group domain%20users
### ALLOW UPDATE
acl updates url_regex -i "/etc/squid3/acls/updates"
http_access allow updates
### DENY EXTENSIONS
acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-denied"
### ALLOW SITES
acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow"
acl sites_denied url_regex -i "/etc/squid3/acls/sites-denied"
acl users proxy_auth REQUIRED
http_access allow group_admins
http_access deny extensions-denied
http_access allow sites_allows
http_access deny sites_denied
http_access allow group_manager
# SquidGuard Rules
redirect_program /usr/bin/squidGuard
redirect_children 20
redirector_bypass on
http_access allow group_common
http_access allow users
### LAN #####
acl lan-net src 192.168.200.0/22
acl wireless-net src 192.168.210.0/22
http_access allow lan-net
http_access allow wireless-net
#negando o acesso para todos que nao estiverem nas regras anteriores
http_access deny all
### Errors
error_directory /usr/share/squid3/errors/en
coredump_dir /var/spool/squid3
Regards,
Márcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160808/fe5eff2a/attachment-0001.html>
More information about the squid-users
mailing list