[squid-users] Squid Java Applet Authentication Request

[Burnes, James]

Anyone,

Perhaps I just didn't see this feature in the Squid docs, but does Squid
by default try to launch an authentication dialog when it see's Java
applet content in the stream?

I was on Standard Networks website and they are apparently using Java
applets.  I waited for the applet to start, but I could have sworn that
Squid popped up an authentication dialog in Java so I could have access
to the applet.

I didn't type anything into it because I didn't know whether it was
legit.

If it's real, that's a cool feature and I wonder how easy it would be to
only give certain user groups java applet access.  You might want to put
a Squid icon on the dialog stamped with the IP of the squid server
itself so that it's not used as a man-in-the-middle attack.

Thx,

jim burnes
security engineer
great-west, denver
 

[squid-users] Strange ACL behavior

[Burnes, James]

Hey people:

Maybe this is something I'm overlooking, a common noob error or a typo,
but the following few ACLs and access rules just aren't behaving like I
think they should...

I'm trying to grant unlimited web access to any authenticated user and
limited access to non-authenticated users.

Here are my acls/allows
.
.
.
acl safedomains dstdomain .mycompany.com
acl authenticated_users proxy_auth

http-access allow safedomains
http-access allow authenticated_users
http-access deny all
.
.
.

When I use this configuration it allows un-authenticated access to
www.mycompany.com, but on any other web page it tries to authenticate
the user.  Great so far, but after authenticating the user it denies
them access to the page they requested.

If you pull the 'http-access allow safedomains' out of the squid.conf
file, it allows authenticated users access to whatever they want, but of
course doesn't allow un-authenticated access.

What's up with that?

Any ideas?


jim burnes
security engineer
great-west, denver