>>> On 7/19/05, Robert Becskei <brobiwbe@xxxxxxxxxxxxx> wrote: >>> Hello everyone, >>> >>> I have my proxy server running on the same computer which is my router, >>> the problem is (till I seperate the two,...which I will but later) >>> that squid asks for username/password for lan computers as well, is there >>> a way to tell squid to allow 192.168.x.x without username / password ? >>> >>> Sincerely >>> Robert B >> >> ----- Original Message ----- >> From: "Kashif Ali Bukhari" <kbukhari@xxxxxxxxx> >> To: "Robert Becskei" <brobiwbe@xxxxxxxxxxxxx> >> Cc: <squid-users@xxxxxxxxxxxxxxx> >> Sent: Tuesday, July 19, 2005 10:14 >> Subject: Re: Howto conf. Squid to allow lan without username >> password >> >> >> ok >> u can allows Ur >> 192.168.x.x before authentications >> like >> >> acl lan src 192.168.0.0/24 >> http_access allow all >> >> Note: and in next line write authentication acls >> >> > -----Original Message----- > From: Robert Becskei [mailto:brobiwbe@xxxxxxxxxxxxx] > Sent: Tuesday, July 19, 2005 12:35 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: re Howto conf. Squid to allow lan without > username password > > > Hello , > > thank you for the fast response, but will this work the way I would like it > to : > > I don't allow any users to go to the internet without authentication, ... > I wan't to allow all my users to be able to view webpages that are > 192.168.x.x without username / password. (security camera stuff) > > currently if you type http://192.168.1.109 (which is a security camer > server > webpage) squid asks for a password, I wish that squid would not ask for a > password. > > > acl lan src 192.168.0.0/24 > http_access allow lan > > will allow these users to use the internet without password as well? > > my current squid.conf looks like this : (so you can better understand my > current situation) > > http_port 3228 > auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password > auth_param basic children 5 > auth_param basic realm Username And Password Required For Internet Access > auth_param basic credentialsttl 8 hours > cache_mem 48 MB > maximum_object_size_in_memory 256 KB > maximum_object_size 1024 KB > cache_dir ufs /proxy1/ 6000 14 256 > cache_dir ufs /proxy2/ 6000 14 256 > cache_mgr brobiwbe@********* > cache_effective_user nobody > cache_effective_group nobody > forwarded_for off > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119 > acl CONNECT method CONNECT > acl deny_ext urlpath_regex -i "/etc/squid/deny_ext" > acl nem_cachelunk dstdomain .google.com > no_cache deny nem_cachelunk > acl nem_cachelunk2 dstdomain .deltabanka.co.yu > no_cache deny nem_cachelunk2 > acl microsoft_update dstdomain .microsoft.com > acl microsoft_update2 dstdomain .download.windowsupdate.com > acl helpserver dstdomain .helpserver.vir > acl FTP proto FTP > always_direct allow FTP > acl deltabank dstdomain .deltabanka.co.yu > acl authentic proxy_auth internet > acl masterUser proxy_auth master > acl bridge_univerzal src 192.168.1.200 > acl alstar_mail src 192.168.2.200 > acl teszt_cucc src 192.168.1.211 > acl bridge_capriolo src 192.168.0.200 > acl robi src 192.168.1.197 > acl shops src "/etc/squid/prod_banned" > acl workTime time MTWHF 06:00-17:00 > http_access deny Dangerous_ports > http_access allow helpserver > http_access deny shops workTime > deny_info ERR_PROD_BANNED shops workTime > http_access allow microsoft_update > http_access allow microsoft_update2 > http_access allow deltabank > http_access allow masterUser > http_access deny deny_ext > http_access allow bridge_univerzal > http_access allow bridge_capriolo > http_access allow alstar_mail > http_access allow teszt_cucc > http_access allow robi > http_access allow authentic > http_access deny all > redirector_access deny masterUser > redirect_program /usr/bin/squidguard > redirect_children 4 > > > Sincerely > Robert B > acl from_lan src 192.168.0.0/24 acl to_lan dst 192.168.0.0/24 ... http_access allow from_lan to_lan http_access allow authentic http_access deny all Local traffic is permitted without authentication. Chris
