Hello all,

I have Squid running on my firewall, and would like to get a few
features running - adzap, delay pools, and username/password
authentication. So far I've had success with adzap and delay pools,
but the authentication part isn't working.

I'm running version 2.5.STABLE11
configure options: --enable-storeio=diskd,ufs --enable-linux-netfilter --enable-removal-policies=heap,lru --enable-delay-pools --enable-auth=ntlm,basic

Unfortunately, when I add the auth bits to the config file, instead of
prompting clients for a username and password, it just spits out
====
ERROR: The requested URL could not be retrieved
You are not currently allowed to request
http://yahoo.com/
from this cache due to Access control configuration.
====

Squid appears to be starting correctly:
# restartsquid
2005/10/12 09:59:46| Creating Swap Directories
#

I've tested my auth program and password file; it works fine:
# /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/squid_passwd
blah blah
ERR
testuser2 test
OK
#

I'm sure my problem is due to some trivial error in my config, but
I've spent a couple days banging away at it without success. I'd
appreciate any advice.

Here's my squid.conf, which is mostly the default provided by my Linux
firewall distribution (SmoothWall):
==============================
# defaults were 8 MB and 32 KB, respectively
cache_mem 32 MB
maximum_object_size_in_memory 128 KB
# changed from GDSF to LFUDA - this means the squid proxy will
# keep the most popular files in the cache regardless of size
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
half_closed_clients off
cache_swap_high 100%
cache_swap_low 80%
shutdown_lifetime 3 seconds
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_effective_user squid
cache_effective_group squid
pid_filename /var/run/squid.pid
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
error_directory /usr/local/squid/etc/smootherrors
emulate_httpd_log on
log_mime_hdrs off
forwarded_for off
auth_param basic program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/squid_passwd
auth_param basic children 5
auth_param basic realm Firewall
auth_param basic credentialsttl 2 hours
acl users1 src 192.168.36.3-192.168.36.250/32
acl users2 proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 445 443 441 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # smoothwall http
acl Safe_ports port 21 # ftp
acl Safe_ports port 445 443 441 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow users1 users2
#http_access allow localnet
http_access deny all
################################################################################
# delay_pools config
################################################################################
# define one class 2 pool
delay_pools 1
delay_class 1 2
# users1 follows the rules of pool 1
delay_access 1 allow users1
delay_access 1 deny all
# Everyone in users1 has access to the full bandwidth until
# his 2 megabyte bucket is empty, then it refills at 4 kbyte/sec
# 1 kbyte = 1024, 1 mb = 1048576
#delay_parameters 1 -1/-1 8192/4194304
delay_parameters 1 -1/-1 4096/2097152
# everyone's bucket starts out full
delay_initial_bucket_level 100
refresh_pattern -i \.jpg$ 9000000 100% 9000009 override-expire
refresh_pattern -i \.gif$ 9000000 100% 9000009 override-expire
refresh_pattern -i \.png$ 9000000 100% 9000009 override-expire
refresh_pattern -i \.exe$ 9000000 100% 9000009 override-expire
redirect_program /usr/local/adzap/scripts/wrapzap
Received on Wed Oct 12 2005 - 01:12:49 MDT