I have a problem with Squid 3 on Debian 8.2 When the users open your browsers, the squid asks the name and password. Until this moment is OK, but if the users inform only the password (field "name" not filled - in blank), the navigation is permitted.
The following is my squid.conf file: http_port 3128 cache_mem 512 MB cache_swap_low 80 cache_swap_high 90 maximum_object_size 512 MB minimum_object_size 0 KB maximum_object_size_in_memory 4096 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA quick_abort_min -1 KB detect_broken_pconn on fqdncache_size 1024 ### CACHE refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ### LOGS access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_dir aufs /var/spool/squid3 600 16 256 #Allow Acces acl caixa dstdomain .caixa.gov.br cache deny caixa # NTLM auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=EMPRESA auth_param ntlm children 20 auth_param ntlm keep_alive off # BASIC auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Autenticacao Básica - Acesso Monitorado auth_param basic credentialsttl 8 hours /usr/lib/squid3/ext_wbinfo_group_acl external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d visible_hostname proxy.empresa.com ### ACLs acl localhost src 192.168.200.35/32 acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula acl Safe_ports port 21 # ftp acl Safe_ports port 70 # gopher acl Safe_ports port 80 # http acl Safe_ports port 88 # kerberos acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 389 # ldap acl Safe_ports port 443 # https acl Safe_ports port 464 # kerberos password acl Safe_ports port 488 # gss-http acl Safe_ports port 563 # snews acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 1025-65535 # unregistered ports acl purge method PURGE acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge acl group_admins external ad_group gg_webadmins acl group_managers external ad_group gg_webliberados acl grupo_commons external ad_group domain%20users ### ALLOW UPDATE acl updates url_regex -i "/etc/squid3/acls/updates" http_access allow updates ### DENY EXTENSIONS acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-denied" ### ALLOW SITES acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow" acl sites_denied url_regex -i "/etc/squid3/acls/sites-denied" acl users proxy_auth REQUIRED http_access allow group_admins http_access deny extensions-denied http_access allow sites_allows http_access deny sites_denied http_access allow group_manager # SquidGuard Rules redirect_program /usr/bin/squidGuard redirect_children 20 redirector_bypass on http_access allow group_common http_access allow users ### LAN ##### acl lan-net src 192.168.200.0/22 acl wireless-net src 192.168.210.0/22 http_access allow lan-net http_access allow wireless-net #negando o acesso para todos que nao estiverem nas regras anteriores http_access deny all ### Errors error_directory /usr/share/squid3/errors/en coredump_dir /var/spool/squid3 Regards, Márcio
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
