Re: [squid-users] problem with url_rewrite_access/redirector_access and proxy_auth ACLs

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 17 May 2007 22:22:36 +0200

tor 2007-05-17 klockan 15:12 -0400 skrev Anthony Bray:

> 1) squid sends users to redirector
> 2) if squidGuard matches the URL against it's blacklists, return a
> redirect to a web page that prompts for proxy authentication or
> reporting an error
> 3) if a valid proxy username/pass is supplied, override the filter and go on

Hmm.. not entirely sure such setup would work.. depends heavily on
browser behavior assumptions.

> squidGuard itself works fine, if I feed it URL's manually it returns
> blank or the redirect URL. If I comment out the rewrite_access line that
> checks for authentication and bypasses the redirector it catches the
> filter OK, but since it never checks that you are already authed it
> doesn't let you through after entering your override credentials (it
> just brings the "you've been blocked" page again and again). The auth
> part itself seems to work.

Squid can't check authentication reliably in url_rewrite_access. Not
sure what will happen if you try, but I would not be surprised if your
observations is correct (not authenticated -> deny the use of the
url_rewrite_program).

Regards
Henrik

Received on Thu May 17 2007 - 14:22:40 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT