On 09.10.2012 10:28, Randall Maharaj wrote:
Hi Guys,
Do you know if it possible in Squid 2.6 to have it authenticate ncsa
users per url?
For instance i would like Squid to allow access to all other websites
and only have users authenticate for one url.
I've been trying it in ACLs but it doesn't seem to be working.
Is this at all possible?
Yes and no. HTTP is stateless and so requires credentials to be sent on
every single request.
So to only authenticate one URL you add something like this to your
config:
acl auth proxy_auth REQUIRED
acl url url_regex http://example\.com/index\.html
# only request authentication when 'url' matches.
http_access allow url auth
http_access ...
However, to operate as you describe with credentials ONLY on the one
URL will require the client software participating. It is valid (but
costly) to not send credentials unless explicitly challenged for them
with a 401/407 status. Most clients will optimize their behaviour to
reduce bandwidth and slow load times that creates, by continuing to send
credentials on all requests once they are informed of a need for
authentication.
Amos
