Good Morning all!
Last friday I set up squid for the first time. I defined some access rules
and they seemed to work fine. Here is what they look like:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mynetwork src 192.168.0.0/24
acl workmachine src 207.xxx.xxx.xxx
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access allow mynetwork
#http_access allow workmachine
# And finally deny all other access to this proxy
http_access deny all
I could deny or allow access to my work machine here at work. If I allowed
it then I could use the cache. If I commented it out, like above, I would
get the cache denied page. Cool.
So last night I put in some authentication lines:
authenticate_program /usr/bin/smb_auth -W PARADISE
acl domainusers proxy_auth REQUIRED
http_access allow domainusers
Now, even with my proxy supposedly denying my work machine I'm getting a
username and password prompt. If I enter in a proper username and password
combo I'm in.
How does this authentication override the rule that says I can't connect
from my work IP?
Any advice would be greatly appreciated.
Thanks,
Bob
Received on Mon Jan 13 2003 - 07:04:12 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:38 MST