Solved

Squish: Users over their quota are not denied

Posted on 2009-07-06
1
991 Views
Last Modified: 2013-11-08
Hello,

I am trying to use Squish with Squid and NCSA authentication. Squish is not denying users that are over quota. I think it might me the order of the ACLs in my squid.conf file.

Thank you for your help!
#Recommended minimum configuration:
#	
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access allow CONNECT !SSL_ports
# 
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#               
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 
 
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
 
### added by squish (begin)
# acl's for squish - autodetected, sometimes
acl SQUISHLOC dst server.net
acl SQUISHED1 proxy_auth -i "/etc/squid/squished"
acl password proxy_auth REQUIRED
acl SQUISHED2 ident    "/etc/squid/squished"
acl SQUISHED3 src        "/etc/squid/squished"
 
# Error info that says you're squished
deny_info http://server.net/?squished& SQUISHED1
deny_info http://server.net/squish/?squished& SQUISHED2
deny_info http://server.net/squish/?squished& SQUISHED3
 
# HTTP access controls for squish
http_access allow SQUISHLOC
http_access allow password !SQUISHED1
http_access deny SQUISHED1
http_access deny SQUISHED2
http_access deny SQUISHED3
### added by squish (end)
 
# Example rule allowing access from your local networks. Adapt   
# to list your (internal) IP networks from where browsing should
# be allowed
 
 
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

Open in new window

0
Comment
Question by:drew17
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
drew17 earned 0 total points
ID: 24788103
I figure it out. I need to remove or comment out line 20:

http_access allow ncsa_users

to

#http_access allow ncsa_users
0

Featured Post

Quiz: What Do These Organizations Have In Common?

Hint: Their teams ended up taking quizzes, too.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question