Amos, The squid version is 3.1.19. The network is set up with a 192.168.0.X network on the lan side, and a 192.168.1.x network on the internet side. Both ports 3120 and 4120 require authentication, but port 4120 is meant to be restricted to only the whitelisted sites which are in a separate file. Port 3120 allows access to any site. The browser causing trouble is configured for port 3120, not 4120. Here is my squid.conf file:
http_port 3120 http_port 4120 intercept cache_dir ufs /var/spool/squid3 500 16 256 #not sure what this block is for refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl whitelist dstdomain "/etc/squid3/whitelist.conf" auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd auth_param basic children 6 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 4 hours auth_param basic casesensitive off acl ncsa_users proxy_auth REQUIRED #not sure what this line does acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid- internal-mgr/ acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines #acl http proto http acl SSL_ports port 443 acl port_80 port 80 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http #list of computers that have access by ip address acl allowed_clients src 192.168.0.9-192.168.0.45 192.168.0.53 192.168.0.65 192.168.0.83 192.168.0.90 192.168.0.91 192.168.0.179 192.168.0.186 192.168.0.220 192.168.0.221 192.168.0.244 acl portX myportname 4120 http_access allow portX whitelist http_access deny portX acl deny_websites dstdomain "/etc/squid3/deny_websites.conf" acl CONNECT method CONNECT #acl wuCONNECT dstdomain "/etc/squid3/whitelist.conf" #acl wuCONNECT dstdomain sls.microsoft.com #rule allowing nonauthenticated users #http_access allow http port_80 whitelist http_access allow CONNECT SSL_ports whitelist #other access rules #http_access deny !ncsa_users http_access allow CONNECT localnet http_access deny deny_websites http_access allow allowed_clients ncsa_users http_access deny !allowed_clients #http_access allow ncsa_users http_access allow manager localhost http_access deny manager http_access deny !Safe_ports #http_access deny CONNECT !SSL_ports http_access allow localhost #http_access allow localnet http_access deny all If the conf file is a mess, or has some problems, feel free to say so, as I don't know what all of the directives in it are for. I marked a couple of lines I don't understand. I would be happy for it to be optimized more if anyone has ideas. Thanks, PH On Mon, Dec 11, 2017 at 7:16 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 12/12/17 11:04, Paul Hackmann wrote: > >> Has anyone had the instance where the proxy will ask the user to >> authenticate several times as they are browsing the web? I have been >> seeing this as a random occurrence for some of the users on the server. It >> will pop up a login prompt in the browser repeatedly for a minute or two. >> Then it will settle down and be fine for hours. I'm trying to track it >> down, but I can't find anything amiss. The access logs haven't shown >> anything unusual. I am using basic authentication with the proxy settings >> set in firefox. Is this something that a spike in traffic on the server >> could cause? Anybody have any suggestions? The server is linux based. >> >> > What version of Squid? > What ACLs and http_access configuration? > > Amos > _______________________________________________ > > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
