Resolved
0 votes
Sorry, third time I try to post this, getting a server error lol.

I have the web proxy set up as non-transparent with authentication required.
Users are in groups and are restricted depending on their functions.

Everything worked fine, until a clever person discovered that entering his username in CAPITAL letters gave him full unrestricted access to any website.
Example:

Dave logs in with dave and his password, everything is fine and restricted.

Dave logs in with DAVE and his password, and he is completely unrestricted.

I then tried to create the user DAVE but it didn't work.

Is there any way to fix this?

Yashar
In Users
Saturday, October 17 2015, 06:19 PM

Accepted Answer

Sunday, October 18 2015, 10:12 PM - #Permalink
Resolved
0 votes
Hi, sounds like a bug? To resolve this it sounds like Squid needs to be made case insensitive, maybe try the following?

Edit /etc/squid/squid.conf and add to the bottom:
#to make username case insensitive
auth_param basic casesensitive off

Then restart the service with 'service squid restart'
Responses (1)
  • Accepted Answer

    Monday, October 19 2015, 10:38 AM - #Permalink
    Resolved
    0 votes
    Thanks for the prompt reply!

    I fixed the following issue by going in to the content filter settings > default policy (as opposed to the ones I created for my users) > blanket ban.

    So that when they logged in with their capital letter USERNAME, they just got banned from the internet entirely.

    The issue was that when a user used capital letters, they strangely went to the default policy (which doesn't really make sense). After hours of searching, I finally found the solution.

    Your solution perhaps works, but I didn't try it. Thanks again
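
The mismatch described in this thread (the login succeeds in any case, but an exact-match policy lookup misses the group and falls through to the default policy) can be audited from the proxy log. The script below is an added example, not code from either poster or from Squid; it assumes Squid's native access.log layout, and the policy table, users and log lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout; field 8 is the
# authenticated username. Users, hosts and URLs are made up for this example.
SAMPLE_LOG = """\
1445100000.123    210 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ dave HIER_DIRECT/203.0.113.5 text/html
1445100060.456    180 192.0.2.10 TCP_MISS/200 9341 GET http://example.org/ DAVE HIER_DIRECT/203.0.113.9 text/html
1445100120.789     95 192.0.2.11 TCP_DENIED/403 3800 GET http://example.net/ anna HIER_NONE/- text/html
1445100180.012     12 192.0.2.12 TCP_DENIED/407 4010 GET http://example.com/ - HIER_NONE/- text/html
"""

# Hypothetical policy table: usernames exactly as assigned to filter groups.
POLICY_USERS = {"dave": "staff-restricted", "anna": "staff-restricted"}
DEFAULT_POLICY = "default"


def policy_for(username, normalize):
    """Look up the filter policy; unknown names fall through to the default."""
    key = username.lower() if normalize else username
    return POLICY_USERS.get(key, DEFAULT_POLICY)


def find_case_variants(log_text):
    """Return {canonical_name: sorted spellings} for logins that would miss
    their group policy under an exact-match (case-sensitive) lookup."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[7] == "-":
            continue  # malformed line or unauthenticated request
        seen[fields[7].lower()].add(fields[7])
    flagged = {}
    for canonical, spellings in seen.items():
        misses = sorted(s for s in spellings
                        if policy_for(s, False) != policy_for(s, True))
        if misses:
            flagged[canonical] = misses
    return flagged


if __name__ == "__main__":
    for name, spellings in find_case_variants(SAMPLE_LOG).items():
        for s in spellings:
            print(f"{s!r}: exact lookup -> {policy_for(s, False)}, "
                  f"normalized -> {policy_for(s, True)}")
```

Any spelling it reports is one that authenticated but would have been filtered under the default policy, so the default policy should be the most restrictive one until usernames are normalized.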