Thanks Amos, I've decided to send the queries for the url to another parent proxy however this is breaking authentication. Do you know if there is a way to pass on the Parent's authentication to the client directly? On 8 October 2012 19:16, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 09.10.2012 10:28, Randall Maharaj wrote: >> >> Hi Guys, >> >> Do you know if it possible in Squid 2.6 to have it authenticate ncsa >> users per url? >> >> For instance i would like Squid to allow access to all other websites >> and only have users authenticate for one url. >> >> I've been trying it in ACLs but it doesn't seem to be working. >> >> Is this at all possible? > > > Yes and no. HTTP is stateless and so requires credentials to be sent on > every single request. > > So to only authenticate one URL you add something like this to your config: > > acl auth proxy_auth REQUIRED > acl url url_regex http://example\.com/index\.html > > # only request authentication when 'url' matches. > http_access allow url auth > http_access ... > > > However, to operate as you describe with credentials ONLY on the one URL > will require the client software participating. It is valid (but costly) to > not send credentials unless explicitly challenged for them with a 401/407 > status. Most clients will optimize their behaviour to reduce bandwidth and > slow load times that creates, by continuing to send credentials on all > requests once they are informed of a need for authentication. > > Amos >
