Amos Jeffries-2 wrote: > > Well, since you allow all those updates, and private domain accesses, > and CONNECT requests already before any authentication is asked for you > wont get any auth details for most of those requests (sometimes you will > get the by chance luck). > > Here is a simplified set of http_access which do the same thing but add > auth requirements on CONNECT: > > > acl ms_activate dstdomain wustat.windows.com .windowsupdate.com > acl ms_activate dstdomain .microsoft.com > > http_access allow ms_activate > http_access allow educationsite_allow > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports !Messengers > http_access allow require_auth > http_access deny all > > > PS. If you did want the messengers to get through without auth details > beign logged then add this back in just above the require_auth. > http_access allow CONNECT Messengers > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 > Current Beta Squid 3.1.0.7 > > Thanks Amos for helping clear things out - yea we had to allow those microsoft updates to go through without authentication because sometimes the updates fail because it doesn't work behind a firewall:( Just wondering, from Microsoft's knowledgebase http://support.microsoft.com/kb/921471, it lists a few URLs that needs to go through without authenitcation, so for example, to let http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl through without authentication, without having to open the entire Microsoft site, would I have to use url_regex as acl ms_activate url_regex ^http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl Thanks. moses -- View this message in context: http://www.nabble.com/Recording-username-for-secure-connection-tp23326582p23360542.html Sent from the Squid - Users mailing list archive at Nabble.com.
