Adam Aube schrieb:
>>But trying to connect (also trying to use just plain telnet) on port
>>65000 fails.
>>
>>
>
>Check to see if any local firewall is blocking access to port 65000. Also,
>you are running Squid in debug mode - are you leaving it running in your
>terminal's foreground while you test?
>
>
Of course I leave squid running.
I don't think that this port is blocked. Definitely not on my computer.
Maybe my ISP is blocking some port (I'm setting up this proxy in order
to bypass a censorship proxy).
<http://dict.leo.org/?p=14/p..&search=definitely>
One hour later: My ISP is apparently blocking high ports (< 1024).
Running on a low port makes it working.
>
>
>>My squid.conf: (prototype)
>>
>>
>
>
>
>>cache_access_log none
>>auth_param basic program /usr/lib/squid/pam_auth
>>http_access allow all
>>
>>
>
>[remainder of squid.conf snipped]
>
>
>
>>Since windows and also Firefox/Thunderbird do dnot support proxy
>>authentication (or am I wrong?) I have to allow access from all.
>>
>>
>
>You are wrong - IE, FireFox, Opera, and others support proxy authentication
>(provided they are configured to use a proxy).
>
>
I have seen no way of supplying a password and unsername to either
Firefox nor IE. Can you show it to me?
>
>
>>Is that squid.conf so far doing what I want?
>>
>>
>
>If what you want is "anyone who can establish a TCP connection to my proxy
>can use it, without any access logging", then yes.
>
>
If I can authenticate to the proxy, I'll change my requirements to use
the PAM authenticator.
>
>
>>Improvements?
>>
>>
>
>You could utilize the authentication support you configured. See the
>Authentication FAQ for more information:
>
>http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
>
>You will also want to use the cache_access_log and cache_log settings to
>specify basic log files for Squid, then run Squid normally by simply
>running "squid", rather than running it in the foreground.
>
>
But actually I was debugging. ;-)
When I change my squid.conf authentication settings to:
auth_param basic children 2
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/pam_auth
acl authenticated proxy_auth REQIRED
http_access allow authenticated
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny all
Will it be resonably safe and will do what I want?
Thanks,
Florian
Received on Sat Sep 18 2004 - 13:30:30 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT