search for: http_access

...ternal_acl_type ip_user %SRC %LOGIN /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf acl ncsa_users proxy_auth REQUIRED acl ip_users external ip_user %SRC %LOGIN acl clientips src 192.168.101.28 192.168.101.29 192.168.101.30 acl allowedsites url_regex -i "/etc/squid/allowedsites.txt" http_access deny !ncsa_users http_access deny !ip_users http_access deny clientips !allowedsites http_access allow ip_users clientips http_access allow ip_users allowedsites http_access allow ncsa_users clientips http_access allow ncsa_users allowedsites http_access deny clientips Then, created /etc/squid/ip....

...l acl Safe_ports port 8080 # http acl Safe_ports port 8443 # http acl Safe_ports port 1025-65535 # unregistered ports acl purge method PURGE acl CONNECT method CONNECT # ---- Windows Update ---- acl microsoft url_regex "/etc/squid/acls/ms-update" acl atualizacoes dstdomain microsoft.com http_access allow microsoft http_access allow atualizacoes http_access allow localhost http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl autenticados proxy_auth REQUIRED http_access deny !autenticados acl sites_liberados url_regex -...

...# unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications...

....com, bbc.com. I want to limit in that way. I have wriiten below rules. But those users still can access all the sites. external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf acl ncsa_users proxy_auth REQUIRED acl ip_users external ip_user %SRC %LOGIN %DST http_access deny !ncsa_users http_access deny !ip_users http_access allow ip_users http_access allow ncsa_users my ip.conf file is like this. [root at worldnet squid]# cat /etc/squid/ip.conf 192.168.101.25 indunil .google.com .bbc.com .cnn.com 192.168.101.90 www90 Accoring to the above file, User indunil...

Hello, I've got a centos5 box that is now behind a what was transparent squid proxy. The proxy now has it's own dedicated ip and uses proxy basic authentication. I've got a firewall that redirects all outgoing port 80 traffic to that ip so anyone wishing access goes proxied. The problem is yum on my centos5 can't retrieve the .xml files for the various yum repositories. In

...# wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # R?gles d'acc?s http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access deny all # Ports du proxy http_port 3130 http_port 3128 intercept https_port 3129 intercept ssl-bump \ cert=/etc/sq...

....., here is the /etc/squid/squid.conf <squid.conf> acl localnet src 192.168.1.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost http_access deny all http_reply_access allow all http_port 3128 cache_dir ufs /var/spool/squid 164...

...255 acl localnet src 10.14.1.0/255.255.255.0 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow localhost http_access allow localnet http_access allow manager localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all cache_mgr cache-me cache_effective_user squid cache_effective_group squid logfile_rotate 0 log_icp_queries off buffered_logs on half_...

...rts port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications runn...

...e_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncomment...

...ttp-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncomment...

...ngHours1 google reply_body_max_size 500000000 allow WorkingHours2 google reply_body_max_size 500000000 allow WorkingHours3 google reply_body_max_size 5000000 allow WorkingHours2 youtube reply_body_max_size 5000000 allow WorkingHours1 youtube reply_body_max_size 50000000 allow WorkingHours3 youtube http_access allow google indus http_access allow youtube indus reply_body_max_size 26000000 allow WorkingHours1 all reply_body_max_size 26000000 allow WorkingHours2 all reply_body_max_size 50000000 allow WorkingHours3 all http_access allow allowindus WorkingHours4 http_access allow indus Do let me know if y...

...acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 10.121.0.0/16 172.25.0.0/16 10.122.1.0/24 http_access allow our_networks http_access allow localhost http_access deny all http_reply_access allow all icp_access all...

...0 5080 81 80 443 21 20acl manager proto cache_objectacl purge method PURGEacl connect method CONNECTacl dynamic urlpath_regex cgi-bin \?acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"cache deny dynamichttp_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !safeportshttp_access deny CONNECT !sslports # Always allow localhost connectionshttp_access allow localhost request_body_max_size 0 KBreply_body_max_size 0 deny alldelay_pools 1de...

...25-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 192.168.0.0/24 10.0.0.0/24 127.0.0.1 http_access allow our_networks http_access allow localhost http_reply_...

...t 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # R?gles d'acc?s http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet # Port du proxy http_port 3128 # Taille du cache dans la RAM cache_mem 256 MB # Vidage syst?me coredump_dir /var/spool/squid # Dur?e de vie des fichiers sans date d'expiration refresh_pattern ^ftp: 1440 20% 100...

...have added to squid.conf file. auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users We are currently browsing internet with usernames and passwords. But the problem is a user can access internet from all the workstation with his username and password. I do not need it. I only want a user to access internet from his machine. Solution to that is binding an ip addr...

...uid/ncsa_auth /etc/squid/squid_passwd > > auth_param basic children 5 > > auth_param basic realm Squid proxy-caching web server > > auth_param basic credentialsttl 2 hours > > auth_param basic casesensitive off > > > > acl ncsa_users proxy_auth REQUIRED > > http_access allow ncsa_users > > > > We are currently browsing internet with usernames and passwords. But > > the problem is a user can access internet from all the workstation > > with his username and password. I do not need it. I only want a user > > to access internet from his...

...uth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours And my ACL's acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 http_access allow localhost acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers http_access deny all http_reply_access allow all And if I try to browse anywebsite at all, the squid access.log shows TCP_DENIED/407 In the squid cache.log I can see it authenticateValidateUser:...

...025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # R?gles d'acc?s > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localnet > > # Port du proxy > http_port 3128 > > # Taille du cache dans la RAM > cache_mem 256 MB > > # Vidage syst?me > coredump_dir /var/spool/squid > > # Dur?e de vie des fichiers s...