> -----Original Message-----
> From: Matt Alexander [mailto:lowbassman@xxxxxxxxx]
> Sent: Friday, February 04, 2005 1:05 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] Don't require auth for some sites
>
>
> I have Squid configured to authenticate users to our Active Directory
> and verify that they're in the "Internet" group before allowing access
> to the web.
>
> However, there are some URLs that we want anyone to access without
> requiring authentication. How would I configure Squid to bypass the
> authentication acl for a list of sites, such as *.foo.com, bar.com,
> and 172.16.*?
>
> Here's the config:
>
> http_port 8080
> icp_port 0
> cache_peer 127.0.0.1 parent 2543 7 proxy-only no-query
> no-netdb-exchange login=*:nopassword default
> maximum_object_size 25600 KB
> cache_dir aufs /var/spool/squid 500 16 256
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 20
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 30 minutes
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Web Proxy
> auth_param basic credentialsttl 2 hours
> acl ads dstdom_regex -i "/etc/squid/adservers"
> http_access deny ads
> external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
> /usr/lib/squid/wbinfo_group.pl

acl allow_url dstdomain .foo.com bar.com
acl allow_ip dst 172.16.0.0/255.255.0.0
http_access allow allow_url
http_access allow allow_ip

> acl internetusers external nt_group internet
> http_access allow internetusers
> half_closed_clients off
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443
> acl CONNECT method CONNECT
> acl PURGE method PURGE
> http_access allow PURGE localhost
> acl winbind proxy_auth REQUIRED
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> forwarded_for off
> never_direct allow all
> coredump_dir /var/spool/squid

Add the above acls and http_access lines at the point specified, and those domains and IPs will be allowed access without prompting for authentication.

Chris
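
Why the position of those lines matters, as an added example (not part of the original thread and not Squid code): a simplified Python model of first-match http_access evaluation, in which a rule whose ACL depends on %LOGIN answers a request without credentials with an authentication challenge. The function names, the SUGGESTED and MISPLACED rule lists and the request dictionaries are constructed for the illustration.

```python
import ipaddress

def dstdomain(host, patterns):
    """dstdomain semantics: '.foo.com' covers foo.com and every subdomain,
    a pattern without the leading dot covers that exact host name only."""
    host = host.lower().rstrip(".")
    for p in patterns:
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

def dst(host, network):
    """dst semantics for an IP-literal destination (no DNS lookup in this model)."""
    try:
        return ipaddress.ip_address(host) in ipaddress.ip_network(network)
    except ValueError:
        return False

# ACL names and values taken from the thread; the request dict is constructed.
ACLS = {
    "allow_url": lambda r: dstdomain(r["host"], [".foo.com", "bar.com"]),
    "allow_ip": lambda r: dst(r["host"], "172.16.0.0/255.255.0.0"),
    "internetusers": lambda r: "internet" in r.get("groups", ()),
    "all": lambda r: True,
}
NEEDS_LOGIN = {"internetusers"}  # external ACL using %LOGIN

def http_access(rules, req):
    """Walk the rules top-down; the first rule whose ACL matches decides."""
    for action, acl in rules:
        if acl in NEEDS_LOGIN and not req.get("user"):
            return "challenge"  # credentials requested before the ACL can be tested
        if ACLS[acl](req):
            return action
    return "deny"

# Order from the reply: exemptions ahead of the group check.
SUGGESTED = [("allow", "allow_url"), ("allow", "allow_ip"),
             ("allow", "internetusers"), ("deny", "all")]
# Same rules with the exemptions placed after the group check.
MISPLACED = [("allow", "internetusers"), ("allow", "allow_url"),
             ("allow", "allow_ip"), ("deny", "all")]

if __name__ == "__main__":
    for host in ("www.foo.com", "bar.com", "www.bar.com", "172.16.5.9", "example.org"):
        req = {"host": host}  # no credentials supplied
        print(host, http_access(SUGGESTED, req), http_access(MISPLACED, req))
```

In this model www.bar.com still gets the challenge under the suggested order, because `bar.com` was written without a leading dot, which matches the sites listed in the question.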