Kinkie,
We're facing a problem that seems to be position-related in the ACL.
We have an ACL that blocks some url-regex words, and another file that
treats the exceptions:
i.e.: the porn file blocks 'butt', but the exception file noporn allows
'butter'.
If the URL contains the words in the exception (i.e.: someone querying
by butter in Google), the access isn't validated against NTLM
authentication. It is passing through, without any required authentication.
And we have a third case, which allows Windows Update and some banking
sites (which are sensitive to NTLM authentication, due to buggy Java NTLM
authentication and WU5 issues) to pass through without authentication.
In the squid.conf:
####################### ACLs
# The bad words:
acl porn url_regex "/usr/local/squid/etc/regras/porn"
# The exception for the bad words (these are passing through)
acl noporn url_regex "/usr/local/squid/etc/regras/noporn"
# Everyone subjected to authentication
acl AuthorizedUsers proxy_auth REQUIRED
# Block some p2p strings
acl p2p browser Kazaa KazaaClient Gnutella Gnucleus e2dk BitTorrent
# Allow these without any authentication
acl bancos dstdomain .caixa.gov.br .bb.com.br .bancobrasil.com.br .bancodobrasil.com.br .windowsupdate.com download.microsoft.com windowsupdate.microsoft.com
####################### The http_access section
http_access allow noporn all
http_access deny porn all
http_access deny p2p
http_access allow all bancos
http_access allow all AuthorizedUsers
http_access deny all
Do you suggest some change in the http_access order?
Kind regards,
Rodrigo.
Received on Wed Aug 03 2005 - 08:09:53 MDT
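
How Squid's first-match http_access evaluation treats the rules posted above, as an added example that is not part of the original message. It is a simplified Python model: the regex patterns, the shortened domain and agent lists, and the `REORDERED` rule set are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-ins for the pattern files and ACL values in the post.
PATTERNS = {"porn": re.compile("butt"), "noporn": re.compile("butter")}
BANCOS = (".caixa.gov.br", ".windowsupdate.com")
P2P = ("Kazaa", "Gnutella", "BitTorrent")

def acl_match(name, req):
    """Evaluate one ACL name; a leading '!' negates it, as in squid.conf."""
    if name.startswith("!"):
        return not acl_match(name[1:], req)
    if name == "all":
        return True
    if name in PATTERNS:
        return bool(PATTERNS[name].search(req["url"]))
    if name == "bancos":
        return ("." + urlsplit(req["url"]).hostname).endswith(BANCOS)
    if name == "p2p":
        return any(s in req.get("agent", "") for s in P2P)
    if name == "AuthorizedUsers":
        req["auth_seen"] = True  # proxy_auth is consulted only when reached
        return req.get("user") is not None
    raise ValueError(f"unknown ACL {name}")

def decide(rules, req):
    """First line whose ACLs all match wins; ACLs on a line are ANDed."""
    for action, acls in rules:
        req["auth_seen"] = False
        if all(acl_match(a, req) for a in acls):
            return action
        if req["auth_seen"] and req.get("user") is None:
            return "407"  # simplified: missing credentials trigger a challenge
    return "deny"

POSTED = [("allow", ["noporn", "all"]), ("deny", ["porn", "all"]),
          ("deny", ["p2p"]), ("allow", ["all", "bancos"]),
          ("allow", ["all", "AuthorizedUsers"]), ("deny", ["all"])]
# One possible reordering (an assumption, not a reply from the thread):
# the exception only cancels the porn deny, it no longer grants access.
REORDERED = [("deny", ["porn", "!noporn"]), ("deny", ["p2p"]),
             ("allow", ["bancos"]), ("allow", ["AuthorizedUsers"]),
             ("deny", ["all"])]

if __name__ == "__main__":
    search = "http://www.google.com/search?q=butter"  # constructed request
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, decide(rules, {"url": search}),
              decide(rules, {"url": search, "user": "constructed-user"}))
```

With the posted order, the unauthenticated 'butter' request is allowed by the first line; with the reordered set it reaches `AuthorizedUsers` and is challenged, while the `bancos` destinations still pass without credentials.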