I have Squid configured to authenticate users to our Active Directory and verify that they're in the "Internet" group before allowing access to the web. However, there are some URLs that we want anyone to access without requiring authentication. How would I configure Squid to bypass the authentication acl for a list of sites, such as *.foo.com, bar.com, and 172.16.*? Here's the config: http_port 8080 icp_port 0 cache_peer 127.0.0.1 parent 2543 7 proxy-only no-query no-netdb-exchange login=*:nopassword default maximum_object_size 25600 KB cache_dir aufs /var/spool/squid 500 16 256 auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 30 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Web Proxy auth_param basic credentialsttl 2 hours acl ads dstdom_regex -i "/etc/squid/adservers" http_access deny ads external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl acl internetusers external nt_group internet http_access allow internetusers half_closed_clients off acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 acl CONNECT method CONNECT acl PURGE method PURGE http_access allow PURGE localhost acl winbind proxy_auth REQUIRED http_access allow localhost http_access deny all http_reply_access allow all forwarded_for off never_direct allow all coredump_dir /var/spool/squid