Neil Watson wrote: > > I don't have another box test with. My proxy any my workstation are > the same computer. You're saying that ident can never work for a > lone workstation?
Did I say that? Neil, I've asked you twice if you are running squid as a transparent proxy and so far you haven't answered my question. Here's the reason that I've been asking: 1> Squid has your ident; you can see it there in the squid log. 2> Squid is *not* sending your ident to squidGuard, you can see that in your squidGuard log. 3> If squidGuard is not receiving your ident with the request, squidGuard cannot make decisions based on your ident. 4> If you want squidGuard to make use of your ident, you are going to have to convince Squid to send it to squidGuard with the request. 5> The only way to change Squid's behavior is by making changes in the squid.conf file. 6> So all we need to know is what changes to make in the squid.conf file. The issue may be with transparency. (See: http://squid-docs.sourceforge.net/latest/html/c2653.html#AEN2665) Or it may be something else. But it is definitely in your squid configuration and NOT your squidGuard configuration. > Should I head back to Junkbusters or is there another way to do > this? If you're looking for the path of least resistance, and Junkbusters does everything that you need, and you already have a working configuration for Junkbusters, I'd so go for it. (I am a little curious about why you tried squidGuard in the first place.) Rick > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Neil Watson > Sent: Saturday, September 28, 2002 6:01 PM > To: [EMAIL PROTECTED] > Subject: Re: ident > > > On September 28, 2002 12:26 pm, Rick Matthews wrote: > The reason that your request is being handled by the default acl is > > easily seen in the log file entry: > > > > 2002-09-28 09:34:48 > > [20078] pid handling the request > > Request Is always "request", AFAIK > > (default/none/-) (source group/destination group/-) > > http://slashdot.org/ full requested url > > 127.0.0.1 request received from this ip > > /- - /- ident > > GET http method > > > > squidGuard sees this request as coming from ip:127.0.0.1 / ident:-, > > and checks through the source definitions: > > > > src neil - must be ip:127.0.0.1 AND ident:neil - no match > > src lisamarie - must be ip:10.0.0.10/8 AND ident:lisamarie - no match > > > > So squidGuard processes the request as an unknown source, through the > > default acl. > > > > So why didn't squid include the ident information in the request sent > > to squidGuard? Are you running squid as a tranparent proxy? Ident and > > transparent don't get along too well together. You might want to also > > test from a different box to see if transparent proxy makes the ip > > show as 127.0.0.1 for everyone. > > I don't have another box test with. My proxy any my workstation are the same >computer. You're saying that ident can > never work for a lone workstation? Should I head back to Junkbusters or is there >another way to do this? > > > -- > Neil Watson > Network Administrator > watson-wilson.ca > >
