[squid-users] Re: Redirector problem

From: <dam012345@dont-contact.us>
Date: Fri, 18 May 2001 14:13:04 +0200

i've got the same problem a few weeks ago :
first if you use squidGuard you redirect rules should be like that in squidGuard.conf
redirect 302:http://sianet14/
(the "302:" is important)
=> without the "302:" the same pop-up pbl appeared on clients when squidGuard has to filter an ad or an entire page for each elements that has to be filtered

then in squid.conf :
cache_peer upproxyname parent 8080 3130 default no-query login=name:pass
(no-query is important)
never_direct allow all

this have solved my problems when i chained squid to a parent proxy (before chaining, all worked fine without that)

with NTLM enabled and squid 2.5 for some special site that pop-up with an IE auth dialog (like www.clanbase.com when logging in)
acl mdp dstdom_regex -i file_that_contain_these_kind_of_site
http_access allow mdp

because when entering the loggin for the special web site, squid ask for the nt user, pass and domain to the user (very boring)

and in squidGuard (that filter users by them username) have to allow the access of these sites in acl/default because in this case the user is not considered as logged on the nt domain

(with the same file "file_that_contain_these_kind_of_site", url in that format which is recognized both by squid and squidGuard => "clanbase.com")

hope i was clear, and this may help

damien

>I recall seeing a similar comment on a squidguard list recently.
>
>Firstly: are you using transparent aka intercepting mode? If you are
>then this is expected behaviour.
>
>Otherwise:
>
>Could you do me a favour? try a squid 2.5 snapshot - and see if the bug
>exists there as well.
>
>Knowing that will help pinpoint whats happening. (Squid 2.5 has
>rewritten authentication code that is quite different).
>
>Rob
>
>
>
>----- Original Message -----
>From: "Ben 'Shplorb' Caudle" <caud0011@infoeng.flinders.edu.au>
>To: <squid-users@squid-cache.org>
>Sent: Friday, May 18, 2001 9:32 PM
>Subject: [squid-users] Redirector problem
>
>
>> Recently upgraded net connection, and had to redo the old combination
>> proxy/web/firewall server. Rebuilt the box, now just proxy server.
>>
>> Users have bandwidth allocations and a system was already written to
>process
>> the squid logs and deduct the usage from their balance. A redirector
>was used
>> to check if the balance was above zero, else it would point them to a
>page that
>> would tell them how to get more credits.
>>
>> The new net connection requires us to connect through an upstream
>proxy, and I
>> believe that this is what is causing the problem we have:
>>
>> Squid asks for authentication. Users can authenticate OK, and
>everything works
>> fine. If however, the redirector is enabled, the users are then asked
>to
>> authenticate with the upstream proxy, if you do that, you then have to
>> reauthenticate with our proxy, and so it goes. It appears that this
>happens for
>> every item in a page that is loaded.
>>
>> I presume that this has something to do with the upstream proxy?
>>
>> +Caudle-Sez:---------------------------------+
>> |If you can't drink when you're alive, |
>> |How are you going to drink when you're dead?|
>> +--------------------------------------------+
>>
>)
>
Received on Fri May 18 2001 - 06:13:18 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:10 MST