> > Here is the main part of my config:
> >
> > http_port 80 defaultsite=site.company.org
> > https_port 443 cert=/etc/ssl/certs/company.org.cert \
> >   key=/etc/ssl/certs/company.org.key \
> >   defaultsite=site.company.org
> >
> > cache_peer site.company.org parent 443 0 no-query \
> >   originserver ssl sslflags=DONT_VERIFY_PEER name=myAccel
> > acl our_sites dstdomain site.company.org
> > acl all src 0.0.0.0/0.0.0.0
> >
> > auth_param basic program /usr/lib/squid/ldap_auth \
> >   -R -b "dc=company,dc=org" -D "cn=squid_user,cn=Users,dc=company,dc=org" \
> >   -w "password" -f sAMAccountName=%s -h 192.168.1.2
> > auth_param basic children 5
> > auth_param basic realm Our Site
> > auth_param basic credentialsttl 5 minutes
> >
> > acl ldap_users proxy_auth REQUIRED
> >
> > http_access allow ldap_users
> > http_access allow our_sites
>
> If I understand you correctly that should be:
>
> http_access allow our_sites ldap_users
> http_access deny all
>
> > cache_peer_access myAccel allow our_sites
> >
> > Andrew
> >
>
> That config should do it.
> Perhaps a "never_direct allow our_sites" to prevent
> non-peered traffic.

OK. I'll add in those options.

Currently, if a user connects on port 80 they are not forwarded to port 443 until after logging in and actually clicking a link on the website. They then are prompted to log in a second time on port 443. Can Squid redirect to port 443 immediately before login or do I need to set up Apache to do this?

Can I add in an ACL to permit users from certain IP ranges to access the site without having to authenticate to LDAP? I'm thinking about sending all users through Squid but I don't want to force users on our LAN to have to authenticate.

Thanks!

Andrew
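
The rule ordering raised in the last question, as an added example that is not part of the original thread: a small Python model of how Squid evaluates `http_access` lines (first matching line wins, ACLs on one line are ANDed left to right), applied to the corrected rules from the reply plus a source-address exemption. The `lan` ACL name, the 192.168.1.0/24 range, the sample clients and the `decide` helper are assumptions made for illustration, and any supplied user name is treated as already validated by the LDAP helper.

```python
import ipaddress

# Constructed squid.conf fragment: the thread's rules plus a hypothetical
# "lan" ACL (192.168.1.0/24 is an assumed range, not from the original post).
CONF = """
acl our_sites dstdomain site.company.org
acl lan src 192.168.1.0/24
acl ldap_users proxy_auth REQUIRED
http_access allow our_sites lan
http_access allow our_sites ldap_users
http_access deny all
"""

def parse(conf):
    """Collect 'acl' definitions and ordered 'http_access' lines."""
    acls, rules = {"all": ("src", "0.0.0.0/0")}, []
    for line in conf.strip().splitlines():
        f = line.split()
        if f[0] == "acl":
            acls[f[1]] = (f[2], f[3])
        elif f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def decide(conf, src, host, user=None):
    """Return 'allow', 'deny' or 'challenge' for one request.
    Reaching a proxy_auth ACL without credentials triggers a login prompt."""
    acls, rules = parse(conf)
    for action, names in rules:
        for name in names:
            kind, arg = acls[name]
            if kind == "src":
                ok = ipaddress.ip_address(src) in ipaddress.ip_network(arg)
            elif kind == "dstdomain":
                ok = host == arg
            elif kind == "proxy_auth":
                if user is None:
                    return "challenge"
                ok = True  # assumption: credentials already checked by the helper
            else:
                raise ValueError(f"ACL type not modelled: {kind}")
            if not ok:
                break  # one failed ACL means this line does not match
        else:
            return action  # every ACL on the line matched
    return "deny"  # not reached here because the last line is 'deny all'

if __name__ == "__main__":
    print(decide(CONF, "192.168.1.50", "site.company.org"))  # LAN client
    print(decide(CONF, "203.0.113.9", "site.company.org"))   # outside, no login yet
```

Because the `lan` line comes before the `ldap_users` line, a LAN client matches before the authentication ACL is ever evaluated; swapping the two lines would prompt LAN users as well.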