Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: GlitchFreak on November 05, 2007, 07:21:23 AM

Title: Squid, Dan and NSCA
Post by: GlitchFreak on November 05, 2007, 07:21:23 AM

Has anyone successfully got this working?

I've followed the various guides and I have setup my squid.conf using custom templates and it looks like this:

http_port 192.168.0.200:3128
http_port 127.0.0.1:3128
udp_incoming_address 192.168.0.200
udp_outgoing_address 0.0.0.0

auth_param basic program /usr/lib/squid/ncsa_auth /etc/proxyusers
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object


acl localsrc src 127.0.0.1 192.168.0.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 81 119 210 443 563 980 1024-65535
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
acl ncsa_users proxy_auth REQUIRED
acl time_acl time MTWHF 07:00-17:00
pid_filename /var/log/squid/squid.pid
logfile_rotate 0
append_domain .domain.tld
cache_mgr admin@domain.tld
ftp_user nobody@domain.tld
extension_methods REPORT MERGE MKACTIVITY CHECKOUT


http_access allow ncsa_users time_acl
http_access allow manager localsrc
http_access deny manager

http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB
always_direct allow webdav
always_direct allow all


I get a beloved "Cache Access Denied" with no prompt whatsoever for a user name and password.
I'm almost certain that the acl's etc. above are in the correct place, tested my password file with ncsa and it says the username & password combination, when entered is ok.

I have a feeling that Dan is not allowing a prompt to pop up, however I think this is unlikely. But I'm stumped so any assistance will be greatly appreciated.

Thanks!

GF

Title: Re: Squid, Dan and NSCA
Post by: byte on November 05, 2007, 02:49:28 PM

Moving this topic to the SME Server 7.x  contribs forum, it is more appropriate there. Thanks!

Title: Re: Squid, Dan and NSCA
Post by: GlitchFreak on November 05, 2007, 08:58:28 PM

Ok, can anyone tell me if DG and ncsa will work together?

Title: Re: Squid, Dan and NSCA
Post by: stephen noble on November 05, 2007, 09:13:32 PM

they do

Title: Re: Squid, Dan and NSCA
Post by: GlitchFreak on November 05, 2007, 10:33:56 PM

Ok, then is it necessary to enable the follow_x_forwarded_for option in DG?

And I think I narrowed the problem down. But I'll need to test.

Thanks for the assistance so far

Title: Re: Squid, Dan and NSCA
Post by: stephen noble on November 06, 2007, 04:44:11 AM

no, the only change is a db setting
it's all been done for you

[unless you have needs that require a custom template, then your on your own]

Title: Re: Squid, Dan and NSCA
Post by: GlitchFreak on November 06, 2007, 07:25:45 AM

But doesn't the db setting only apply to the dungog-proxy contrib which isn't gpl?

Title: Re: Squid, Dan and NSCA
Post by: stephen noble on November 06, 2007, 08:35:37 AM

no, smeserver-dansguardian
but I can see why your confused, I've clarified

http://wiki.contribs.org/Dansguardian#Modifying_Firewall_and_Proxy

Title: Re: Squid, Dan and NSCA
Post by: GlitchFreak on November 06, 2007, 09:01:19 AM

Thanks, I've done the above before however it didn't work.

I did the "config setprop squid RequireAuth nsca" and expanded the templates but I don't see any significant change in the squid.conf file. I could be wrong but shouldn't there be a change? Or is Dans changed?