On Thursday 19 June 2003 22.26, Fred Evans wrote: > http_access allow all users > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access deny all
And you remembered to restart (or at least reconfigure) squid after making the suqid.conf changes? Note: The intended order of your http_access rules is to have the "allow users" rule almost last, not first.. The first rules is to restrict things no user should be able to do and to give localhost slightly different permissions, and if you place your allow rule before this then your rule gets a higher priority and these filters are never reached. http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow localhost http_access allow users http_access deny all (note: "all users" and "users" is the same thing) Or to restructure to make the rules maybe a little more visibe # Basic acl definitions acl all src 0.0.0.0/0 acl localhost src 127.0.0.1 # Allow cachemgr access from localhost only acl manager proto cache_object http_access allow manager localhost http_access deny manager # Deny access to unsafe ports acl Safe_ports ... acl SSL_ports ... acl CONNECT method CONNECT http_access deny !CONNECT !Safe_ports http_access deny CONNECT !SSL_ports # Deny proxy access to localhost server (often protected # administrative HTTP servers runs on the localhost interface # and should not be reachable via the proxy) acl to_localhost dst 127.0.0.0/8 http_access deny to_localhost # Allow localhost access without authentication http_access allow localhost # Allow local authenticated users access acl local_network src 192.168.0.0/16 acl users proxy_auth REQUIRED http_access allow local_network users # Deny all other uses of the proxy http_access deny all Hmm.. are you sure "squid -k parse" is happy? You do not seem to have a definition of the "all" acl, but maybe this was forgotten in your email only? Regards Henrik > > On Thu, 2003-06-19 at 12:38, Henrik Nordstrom wrote: > > On Thursday 19 June 2003 19.04, Fred Evans wrote: > > > I made sure that the password file is owned by the user squid > > > runs as and is readable by that user. > > > > > > Prior to this installation of squid there was no transparent > > > proxy. The browsers were not configured for proxying at all > > > until I configured them to work with this install of squid. > > > Further, I tested on IE and Mozilla for windows and Mozilla for > > > linux. > > > > > > The config is as follows: > > > > > > auth_param basic program /usr/lib/squid/ncsa_auth > > > /etc/squid.passwd auth_param basic children 5 > > > auth_param basic credentialsttl 2 hours > > > > > > acl users proxy_auth REQUIRED > > > http_access allow all users > > > > Looks good.. > > > > Any errors if you run "squid -k parse"? > > > > > > Is there any other http_access lines before this? > > (the order of your http_access lines is important) > > > > Regards > > Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
