Thanks for the advice, indeed there is an acl definition for all, which I failed to put in the email.
acl all 0.0.0.0/0.0.0.0 ----- Original Message ----- From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Fred Evans" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, June 19, 2003 3:39 PM Subject: Re: [squid-users] Browser fails to prompt for authentication > On Thursday 19 June 2003 22.26, Fred Evans wrote: > > > http_access allow all users > > http_access allow manager localhost > > http_access deny manager > > http_access deny !Safe_ports > > http_access deny CONNECT !SSL_ports > > http_access allow localhost > > http_access deny all > > > And you remembered to restart (or at least reconfigure) squid after > making the suqid.conf changes? > > Note: The intended order of your http_access rules is to have the > "allow users" rule almost last, not first.. The first rules is to > restrict things no user should be able to do and to give localhost > slightly different permissions, and if you place your allow rule > before this then your rule gets a higher priority and these filters > are never reached. > > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny to_localhost > http_access allow localhost > http_access allow users > http_access deny all > > (note: "all users" and "users" is the same thing) > > Or to restructure to make the rules maybe a little more visibe > > # Basic acl definitions > acl all src 0.0.0.0/0 > acl localhost src 127.0.0.1 > > # Allow cachemgr access from localhost only > acl manager proto cache_object > http_access allow manager localhost > http_access deny manager > > # Deny access to unsafe ports > acl Safe_ports ... > acl SSL_ports ... > acl CONNECT method CONNECT > http_access deny !CONNECT !Safe_ports > http_access deny CONNECT !SSL_ports > > # Deny proxy access to localhost server (often protected > # administrative HTTP servers runs on the localhost interface > # and should not be reachable via the proxy) > acl to_localhost dst 127.0.0.0/8 > http_access deny to_localhost > > # Allow localhost access without authentication > http_access allow localhost > > # Allow local authenticated users access > acl local_network src 192.168.0.0/16 > acl users proxy_auth REQUIRED > http_access allow local_network users > > # Deny all other uses of the proxy > http_access deny all > > > Hmm.. are you sure "squid -k parse" is happy? You do not seem to have > a definition of the "all" acl, but maybe this was forgotten in your > email only? > > Regards > Henrik > > > > > On Thu, 2003-06-19 at 12:38, Henrik Nordstrom wrote: > > > On Thursday 19 June 2003 19.04, Fred Evans wrote: > > > > I made sure that the password file is owned by the user squid > > > > runs as and is readable by that user. > > > > > > > > Prior to this installation of squid there was no transparent > > > > proxy. The browsers were not configured for proxying at all > > > > until I configured them to work with this install of squid. > > > > Further, I tested on IE and Mozilla for windows and Mozilla for > > > > linux. > > > > > > > > The config is as follows: > > > > > > > > auth_param basic program /usr/lib/squid/ncsa_auth > > > > /etc/squid.passwd auth_param basic children 5 > > > > auth_param basic credentialsttl 2 hours > > > > > > > > acl users proxy_auth REQUIRED > > > > http_access allow all users > > > > > > Looks good.. > > > > > > Any errors if you run "squid -k parse"? > > > > > > > > > Is there any other http_access lines before this? > > > (the order of your http_access lines is important) > > > > > > Regards > > > Henrik > > -- > Donations welcome if you consider my Free Squid support helpful. > https://www.paypal.com/xclick/business=hno%40squid-cache.org > > If you need commercial Squid support or cost effective Squid or > firewall appliances please refer to MARA Systems AB, Sweden > http://www.marasystems.com/, [EMAIL PROTECTED] >
