On Wed, Aug 10, 2011 at 12:56 PM, alexus <alexus@xxxxxxxxx> wrote: > 2) add ip for 24h to a trusted list, so it will not prompt for > userid/password until 24h is expired > Add an external_acl_helper that checks against a list of trusted IPs. It's up to you to maintain that list, but that shouldn't be hard. I don't have the 24 hour constraint, but needed to allow certain IPs to not require user/pass, so here's my helper: #!/bin/bash while true do read LINE RESULT=`sed -n s/"$LINE "//p /etc/squid3/auth.ips` if [ -z "$RESULT" ]; then echo ERR 2> /dev/null else echo OK user=$RESULT 2> /dev/null fi if [ $? -ne 0 ]; then exit 1; fi done The auth.ips file looks like: 1.2.3.4 user1 1.2.3.5 user2 Then in squid.conf I have this to define the helper: external_acl_type ipauth children=1 %SRC /etc/squid3/ip_auth.sh acl ip-auth external ipauth Then you allow access using ip-auth before your current acl that prompts. --Will