I changed http_access allow users TO http_access deny !users in my squid.conf file, but dosen't solved my problem
http_port 3128 cache_mem 512 MB cache_swap_low 80 cache_swap_high 90 maximum_object_size 512 MB minimum_object_size 0 KB maximum_object_size_in_memory 4096 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA quick_abort_min -1 KB detect_broken_pconn on fqdncache_size 1024 ### CACHE refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ### LOGS access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_dir aufs /var/spool/squid3 600 16 256 #Allow Acces acl caixa dstdomain .caixa.gov.br cache deny caixa # NTLM auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=EMPRESA auth_param ntlm children 20 auth_param ntlm keep_alive off # BASIC auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Autenticacao Básica - Acesso Monitorado auth_param basic credentialsttl 8 hours /usr/lib/squid3/ext_wbinfo_group_acl external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d visible_hostname proxy.empresa.com ### ACLs acl localhost src 192.168.200.35/32 acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula acl Safe_ports port 21 # ftp acl Safe_ports port 70 # gopher acl Safe_ports port 80 # http acl Safe_ports port 88 # kerberos acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 389 # ldap acl Safe_ports port 443 # https acl Safe_ports port 464 # kerberos password acl Safe_ports port 488 # gss-http acl Safe_ports port 563 # snews acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 1025-65535 # unregistered ports acl purge method PURGE acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge acl group_admins external ad_group gg_webadmins acl group_managers external ad_group gg_webliberados acl grupo_commons external ad_group domain%20users ### ALLOW UPDATE acl updates url_regex -i "/etc/squid3/acls/updates" http_access allow updates ### DENY EXTENSIONS acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-denied" ### ALLOW SITES acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow" acl sites_denied url_regex -i "/etc/squid3/acls/sites-denied" acl users proxy_auth REQUIRED http_access deny !users http_access allow group_admins http_access deny extensions_denied http_access allow sites_allows http_access deny sites_denied http_access allow group_manager # SquidGuard Rules redirect_program /usr/bin/squidGuard redirect_children 20 redirector_bypass on http_access allow group_common ### LAN ##### acl lan-net src 192.168.200.0/22 acl wireless-net src 192.168.210.0/22 http_access allow lan-net http_access allow wireless-net #negando o acesso para todos que nao estiverem nas regras anteriores http_access deny all ### Errors error_directory /usr/share/squid3/errors/en coredump_dir /var/spool/squid3 Regards, Márcio 2016-08-08 18:22 GMT-03:00 Marcio Demetrio Bacci <marcioba...@gmail.com>: > I have a problem with Squid 3 on Debian 8.2 > > When the users open your browsers, the squid asks the name and password. > Until this moment is OK, but if the users inform only the password (field > "name" not filled - in blank), the navigation is permitted. > > The following is my squid.conf file: > > http_port 3128 > cache_mem 512 MB > cache_swap_low 80 > cache_swap_high 90 > maximum_object_size 512 MB > minimum_object_size 0 KB > maximum_object_size_in_memory 4096 KB > cache_replacement_policy heap LFUDA > memory_replacement_policy heap LFUDA > quick_abort_min -1 KB > detect_broken_pconn on > fqdncache_size 1024 > > ### CACHE > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > ### LOGS > access_log /var/log/squid3/access.log > cache_log /var/log/squid3/cache.log > > cache_dir aufs /var/spool/squid3 600 16 256 > > #Allow Acces > acl caixa dstdomain .caixa.gov.br > cache deny caixa > > # NTLM > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp > --domain=EMPRESA > auth_param ntlm children 20 > auth_param ntlm keep_alive off > > > # BASIC > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5- > basic > auth_param basic children 5 > auth_param basic realm Autenticacao Básica - Acesso Monitorado > auth_param basic credentialsttl 8 hours > > /usr/lib/squid3/ext_wbinfo_group_acl > external_acl_type ad_group %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d > > visible_hostname proxy.empresa.com > > ### ACLs > acl localhost src 192.168.200.35/32 > acl SSL_ports port 22 443 563 7071 10000 # ssh, https, snews, bacula > acl Safe_ports port 21 # ftp > acl Safe_ports port 70 # gopher > acl Safe_ports port 80 # http > acl Safe_ports port 88 # kerberos > acl Safe_ports port 210 # wais > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 389 # ldap > acl Safe_ports port 443 # https > acl Safe_ports port 464 # kerberos password > acl Safe_ports port 488 # gss-http > acl Safe_ports port 563 # snews > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 1025-65535 # unregistered ports > > acl purge method PURGE > acl CONNECT method CONNECT > > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow manager localhost > http_access deny manager > http_access allow purge localhost > http_access deny purge > > acl group_admins external ad_group gg_webadmins > acl group_managers external ad_group gg_webliberados > acl grupo_commons external ad_group domain%20users > > ### ALLOW UPDATE > acl updates url_regex -i "/etc/squid3/acls/updates" > http_access allow updates > > > ### DENY EXTENSIONS > acl extensions_deny url_regex -i "/etc/squid3/acls/extensions-denied" > > ### ALLOW SITES > acl sites_allows url_regex -i "/etc/squid3/acls/sites-allow" > acl sites_denied url_regex -i "/etc/squid3/acls/sites-denied" > > acl users proxy_auth REQUIRED > > http_access allow group_admins > > http_access deny extensions-denied > http_access allow sites_allows > http_access deny sites_denied > > http_access allow group_manager > > # SquidGuard Rules > redirect_program /usr/bin/squidGuard > redirect_children 20 > redirector_bypass on > > http_access allow group_common > > http_access allow users > > ### LAN ##### > acl lan-net src 192.168.200.0/22 > acl wireless-net src 192.168.210.0/22 > > > http_access allow lan-net > http_access allow wireless-net > > #negando o acesso para todos que nao estiverem nas regras anteriores > http_access deny all > > ### Errors > error_directory /usr/share/squid3/errors/en > coredump_dir /var/spool/squid3 > > Regards, > > Márcio >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
