[squid-users] proxy_auth question from Kenneth Oncinian on 2006-03-03 (squid-users)

From: Kenneth Oncinian <kenneth.oncinian@dont-contact.us>
Date: Sat, 04 Mar 2006 14:42:36 +0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

I have a question regarding proxy_auth, I hope you guys can point me
to where I am doing things wrong.

My issue is, if I use the following:

acl password proxy_auth /usr/local/squid/etc/limited
http_access deny password

and /usr/local/squid/etc/limited contains the value
"kenneth" (without the quotes"), I am still allowed http access if i type
kenneth as my user name.

but if i use:
acl password proxy_auth kenneth
http_access deny password

it works, user kenneth is denied http access.

So, is it possible for proxy_auth to get the username on a file?

Below is my complete squid.conf
- ---

cache_peer xx.xx.xx.xx parent 8080 0 no-query proxy-only default
http_port 3128

cache_effective_user squid
cache_effective_group squid

cache_mgr postmaster@f00.org

cache_dir null /tmp

auth_param basic program /usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/squidusers
auth_param basic children 5
auth_param basic realm DEVELOPMENT SERVER [ >:) ]
auth_param basic credentialsttl 2 hours

acl password proxy_auth /usr/local/squid/etc/limited
acl test src 10.87.4.2/255.255.255.255

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

never_direct allow all
http_access deny password
http_access allow all
- --

thanks and best regards,

- --

Kenneth P. Oncinian
Panasonic Communications Philippines Corporation
Information Systems Division - Network and Infrastructure Department
- --
PGP Public Key: http://m.1asphost.com/koncinian/koncinian.gnupg.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFECTbb9MTaiXoaMBgRAkI/AJ4sW0UYib4Hu1xmX/WnYTHjLtQuZACfalsm
UoZp8eZb+OreJJ6WiFhhgsM=
=/KN/
-----END PGP SIGNATURE-----
Received on Fri Mar 03 2006 - 23:43:12 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST