0 votes
sorry, third time I try to post this, getting a server error lol.

I have the web proxy setup with non-transparent and authentication required.
Users are in groups and are restricted depending on their functions.

Everything worked fine, until a clever person discovers that by inserting his username in CAPITAL letters, gave him full unrestricted access to any website.

Dave logs in with dave and his password, everything is fine and restricted.

Dave logs in with DAVE and his password, and he is completely unrestricted

I then tried to create the user DAVE but it didn't work.

Is there any way to fix this?

In Users
Saturday, October 17 2015, 06:19 PM
Share this post:

Accepted Answer

Sunday, October 18 2015, 10:12 PM - #Permalink
0 votes
Hi, sounds like a bug? to resolve this it sounds like squid needs to be made case insensitive, maybe try the following?

edit /etc/squid/squid.conf and add to the bottom:-
#to make username case insensitive
auth_param basic casesensitive off

Then restart the service with 'service squid restart'
The reply is currently minimized Show
Responses (1)
  • Accepted Answer

    Monday, October 19 2015, 10:38 AM - #Permalink
    0 votes
    Thanks for the prompt reply!

    I fixed the following issue, but going in to the content filter settings > default policy (as opposed to the ones I created for my users)> blanket ban.

    So that when they logged in with their capital letter USERNAME, they just go banned from the internet entirely.

    The issue that when a user used capital letters, strangely went to the default policy (which doesn't really make sense). After hours of searching, I finally found the solution.

    Your solution perhaps work, but I didn't try it. Thanks again
    The reply is currently minimized Show
Your Reply