there is an entire wiki article to this exact topic. http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass every matching http_access line before the required auth is unauthenticated. the http_access line requiring auth and all matching http_access lines after it are authenticated. On Tue, 2013-06-04 at 13:06 +0200, Josef Karliak wrote: > Hi, > I wanna let some IPs bypass radius authorization, like a server IP. > Another users and theirs computers must authorized. So I've this in > the squid.conf: > > auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config > auth_param basic children 5 > auth_param basic realm Authorized access > auth_param basic credentialsttl 5 minute > auth_param basic casesensitive on > > acl auth proxy_auth REQUIRED > > http_access allow auth > http_access deny all > > I thought that I'll have vip IPs in some file and tell squid that this > source IP's will have an access to the internet free without > authorization: > > auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config > auth_param basic children 5 > auth_param basic realm Authorized access > auth_param basic credentialsttl 5 minute > auth_param basic casesensitive on > > acl auth proxy_auth REQUIRED > acl vip src "/etc/squid/vip_bypass_auth.txt" > > http_access allow auth > http_access allow vip > http_access deny all > > > > File "/etc/squid/vip_bypass_auth.txt" contains IP 192.168.4.51 - my testing PC > > But an internet browser in the testing PC asks for login and password, > after escaping it the "access to squid is denied" :-/ > > What did I missed ? > > Thanks for kicks to the right way and best regards > J.Karliak. >
