I use simple NCSA. Then add small password file to NCSA directory. This password file is changed EVERY day, at 08:00am and 17:00pm. User have to call in to get the username/password of that day before they're able to use this office's squid (another way to audit who's working or not :-D) # heh! this line is extract from the very old 2.0 conf authenticate_program /usr/local/squid/bin/ncsa /usr/local/squid/etc/registered # this two lines never change eventhough it's now 2.6 acl MEMBER proxy_auth REQUIRED http_access deny !MEMBER 2008/6/13, ffredrixson@xxxxxxxxxxx <ffredrixson@xxxxxxxxxxx>: > > -------------- Original message ---------------------- > From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > > ffredrixson@xxxxxxxxxxx wrote: > > > I'm trying to provide an externally available proxy to our employees. This way > > they can have the same basic protection when traveling that they get when > > they're inside our corporate walls. > > > > > > What acls or rules do I need to be looking at? > > > > > > I'm a newbie and just trying to keep my job. > > > > > > Thank you in advance. > > > > Safest ones are auth IMO. They can use any net connection, and link in > > through the proxy to get anywhere. > > After the local accepts and before the global external denial. > > > > Amos > > -- > > Please use Squid 2.7.STABLE2 or 3.0.STABLE6 > > > Thank you for your quick reply. > > What auth would you recommend? The powers above decided it shouldn't be Active Directory. What other auth is recommended? is there any based on a cert installed on the laptops? Or could it be cookie based? (I know it sounds like a dumb question but I know I'll be asked) Anything to avoid login and password would be great. > > Thank you again. > -- ... Lyrics of the Forest ...
