On Mon, Apr 04, 2005 at 11:12:35AM -0700, mlist@xxxxxxxxxxxxxxx wrote: > We have 12 locations in our Intranet with all internet blocked except for > a few selected websites. Some users need full access to the Internet. > They use thin clients to a Debian server and are configured to access > select sites through our Squid Proxy. Since we use one server per > location. I cannot configure spefic IP addresses from each client. The > Proxy see's only the server IP. I think using User:Password > Authentication would be the plausible solution. I need to know if it is > posible to use User:Password authentication only when needed. Following > the rules of the ACL; I need it only to prompt for username and password > when the conditions are not met. I do not want it to prompt for > user/password every time someone uses their web browser. > I understand that you must add the following to the squid.conf file. > authenticate_program /usr/local/squid/bin/ncsa_auth > /usr/local/squid/etc/passwd > > Can it be placed as a ACL condition when my existing conditions are not met? ACLs work like firewall rules. They are evaluated one by the other until one matches. That one is run and the rest ignored. So an example would be: acl allowed_ips src 10.0.0.4 10.1.0.0/16 10.0.5.154 acl authentication proxy_auth REQUIRED http_access allow allowed_ips http_access allow authentication http_access deny all Christoph -- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 All
