Adam Aube schrieb:
Of course I leave squid running.But trying to connect (also trying to use just plain telnet) on port
65000 fails.
Check to see if any local firewall is blocking access to port 65000. Also,
you are running Squid in debug mode - are you leaving it running in your
terminal's foreground while you test?
I don't think that this port is blocked. Definitely not on my computer. Maybe my ISP is blocking some port (I'm setting up this proxy in order to bypass a censorship proxy). <http://dict.leo.org/?p=14/p..&search=definitely> One hour later: My ISP is apparently blocking high ports (< 1024). Running on a low port makes it working.
My squid.conf: (prototype)
cache_access_log none
auth_param basic program /usr/lib/squid/pam_auth
http_access allow all
[remainder of squid.conf snipped]
Since windows and also Firefox/Thunderbird do dnot support proxy
authentication (or am I wrong?) I have to allow access from all.
You are wrong - IE, FireFox, Opera, and others support proxy authentication
(provided they are configured to use a proxy).
I have seen no way of supplying a password and unsername to either Firefox nor IE. Can you show it to me?
Is that squid.conf so far doing what I want?
If what you want is "anyone who can establish a TCP connection to my proxy
can use it, without any access logging", then yes.
If I can authenticate to the proxy, I'll change my requirements to use the PAM authenticator.
Improvements?
You could utilize the authentication support you configured. See the Authentication FAQ for more information:
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
You will also want to use the cache_access_log and cache_log settings to
specify basic log files for Squid, then run Squid normally by simply
running "squid", rather than running it in the foreground.
But actually I was debugging. ;-)
When I change my squid.conf authentication settings to:
auth_param basic children 2 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic program /usr/lib/squid/pam_auth acl authenticated proxy_auth REQIRED http_access allow authenticated http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access deny all
Will it be resonably safe and will do what I want?
Thanks, Florian
