Squid Problem


Squid Problem

Post by waqas373 »

I am facing some problems deploying Squid (on FC2) in a Windows-based network. Actually, I am migrating from MS ISA 2000 and use Active Directory for user authentication. My squid.conf is attached and the problems are as follows:

-- MSN Messenger is not working.
-- How can I make the same protocol rules in Squid as in MS ISA? I mean there are 4 types of protocol rules: 1) only browsing, 2) only Messenger, 3) browsing + IM + POP + SMTP, 4) allow all.

I am confused about the 2nd point above, because in MS ISA I applied the security restrictions on a per-user basis (domain usernames added); actually, I don't want to add machines' IPs.

I think that if I make four groups in AD and then define the ACLs in squid.conf with limited rights it should work — is this approach wrong or not?

Thanks in advance.

#SQUID.CONF
# Squid 2.5-era configuration posted for review: an HTTP proxy on port 8080
# that authenticates Windows domain users through Samba's ntlm_auth helper
# (NTLM with a Basic fallback). Order matters for http_access: the first
# matching rule wins.

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# Listening port for client browsers.
http_port 8080
# ICP disabled (port 0): no sibling/parent cache peering, so the
# icp_access line further down has no effect.
icp_port 0
# Dynamic content (cgi-bin, URLs with a query string) bypasses the
# cache hierarchy and is never stored.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Memory and on-disk cache sizing/thresholds.
cache_mem 10 MB
cache_swap_low 80
cache_swap_high 90
maximum_object_size 2048 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

# 6144 MB ufs cache store with 16 first-level / 256 second-level directories.
cache_dir ufs /squid/cache 6144 16 256
cache_access_log /squid/logs/access.log
cache_log /squid/logs/cache.log
cache_store_log /squid/logs/store.log
log_ip_on_direct on
# NOTE(review): client_netmask masks client addresses in the logs; with a
# /16 mask the access log will not identify individual client hosts, which
# makes troubleshooting the per-user auth rules below harder.
client_netmask 255.255.0.0


# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# Every source address; used as the "always matches" ACL.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager (cache_object://) requests.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Destination ports a CONNECT tunnel may be opened to.
acl SSL_ports port 443 563
# Destination ports plain HTTP requests may go to.
acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# NOTE(review): no comment on 1080 in the original; it is the usual SOCKS
# port — confirm it is really needed as a plain-HTTP destination.
acl Safe_ports port 1080
acl CONNECT method CONNECT

#http_access deny all
# Only allow cachemgr access from localhost
http_access allow manager localhost
# NOTE(review): with the next line commented out, manager requests from
# non-localhost clients are not denied here and fall through to the final
# "allow all AuthorizedUsers" rule, so any authenticated domain user can
# query the cache manager. Uncommenting "http_access deny manager" keeps
# the cache manager localhost-only, as the comment above intends.
#http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# NOTE(review): this likely explains the MSN Messenger symptom in the post:
# a messenger client behind an HTTP proxy typically tunnels with CONNECT to
# a non-SSL port (1863), which this rule rejects. If IM is to be permitted
# for some users, that port belongs in a separate CONNECT-port ACL tied to
# the IM-allowed group, rather than widening SSL_ports for everyone.
http_access deny CONNECT !SSL_ports
# NOTE(review): an explicit final "http_access deny all" after the
# AuthorizedUsers rule would make the default visible; as written, Squid
# falls back to the opposite of the last rule's action when nothing matches.
#http_access deny all
# No effect while icp_port is 0.
icp_access allow all



# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# NOTE(review): placeholder-looking contact address; it is shown to users
# on Squid error pages.
cache_mgr my@networks
#cache_effective_group squid
cache_effective_user squid
cache_effective_group squid
# Authentication helpers: both NTLM and Basic are delegated to Samba's
# ntlm_auth, so domain credentials are validated against AD. Clients use
# whichever of the two schemes they support.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minutes
# NOTE(review): Basic auth sends the domain password base64-encoded in the
# clear on every request; acceptable only on a trusted LAN segment.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# Matches any request carrying credentials the helper accepts; REQUIRED
# means "any valid user", so this does not distinguish AD groups.
acl AuthorizedUsers proxy_auth REQUIRED
# "all" always matches, so this is effectively "allow AuthorizedUsers".
# NOTE(review): for the per-group policy asked about in the post, Squid can
# map users to AD groups with an external_acl_type helper (e.g. the
# wbinfo_group.pl helper shipped with Squid) and then use one ACL per group
# in separate http_access lines, so no per-machine IP lists are needed.
http_access allow all AuthorizedUsers
