Hello all,

Our company policy only allows some machines to access some SSL website URLs (e.g. https://www.google.com/maps). However, they do not have access to https://www.google.com/

Before we tried to implement authentication, everything worked fine. We allow HTTPS access to https://www.google.com/maps and the “CONNECT” request to www.google.com using SSL bump.

Now I want to preserve this config and let users authenticate to access any website. Access to Google Maps (https://www.google.com/maps) should not require any authentication.

However, I have not succeeded in figuring this out. I have tried different kinds of configuration; some will prompt for authentication, and some will not allow the authenticated users to access https://www.google.com.

From the access log, after I authenticate and try to access https://www.google.com, the authentication information is not displayed. It seems Squid does not use the authentication information when matching this rule: “http_access allow CONNECT google”. The “CONNECT” method succeeds. Then Squid continues to use no authentication information to process the “GET” command, causing the authenticated user to be denied access to https://www.google.com.

Can I make Squid always use the authentication information if the user has already authenticated? Or is there any suggestion for implementing this policy?

Thanks.

Here is an extracted version of the config, which should show the related configuration:

auth_param basic children 5
auth_param basic realm Welcome to Our Website!
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid_user
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl my_auth proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl GoogleMaps url_regex -i ^https://www.google.com/maps*.
acl test_net src 192.168.1.253/32
acl google dstdomain www.google.com

http_access deny CONNECT !SSL_ports
http_access allow GoogleMaps
http_access allow CONNECT google
http_access deny CONNECT google my_auth
#http_access allow CONNECT test_net google
http_access allow my_auth all
http_access deny all
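
Added example, not part of the original message and not Squid code: a simplified Python model of first-match http_access evaluation over the rules posted above, showing which rule decides each request and whether credentials were consulted. The request dictionaries are constructed, and the model assumes that the url_regex sees a CONNECT request as host:port and that a proxy_auth ACL evaluated without credentials ends the check as "auth_required".

```python
import re

# The http_access lines from the post, in order (commented-out line omitted).
RULES = [
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["GoogleMaps"]),
    ("allow", ["CONNECT", "google"]),
    ("deny",  ["CONNECT", "google", "my_auth"]),
    ("allow", ["my_auth", "all"]),
    ("deny",  ["all"]),
]

MAPS_RE = re.compile(r"^https://www.google.com/maps*.", re.I)  # regex as posted

def acl_matches(name, req):
    """Evaluate one ACL from the post; None means credentials are needed but absent."""
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    if name == "SSL_ports":
        return req["port"] == 443
    if name == "google":
        return req["host"] == "www.google.com"
    if name == "GoogleMaps":
        return bool(MAPS_RE.search(req["url"]))
    if name == "my_auth":
        return True if req.get("user") else None
    return name == "all"  # "all" always matches; unknown names never do

def http_access(req):
    """Return (outcome, rule_number) for the first rule whose ACLs all match."""
    for number, (action, acls) in enumerate(RULES, start=1):
        for acl in acls:
            negate = acl.startswith("!")
            result = acl_matches(acl.lstrip("!"), req)
            if result is None:
                return ("auth_required", number)  # no credentials on this request
            if result == negate:
                break  # this ACL failed, so the rule does not match
        else:
            return (action, number)
    return ("deny", len(RULES))

# Constructed sample requests (no "user" key means no credentials attached).
CONNECT_REQ = {"method": "CONNECT", "host": "www.google.com", "port": 443, "url": "www.google.com:443"}
BUMPED_GET = {"method": "GET", "host": "www.google.com", "port": 443, "url": "https://www.google.com/"}
BUMPED_MAPS = dict(BUMPED_GET, url="https://www.google.com/maps")
```

In this model the CONNECT is allowed by the third rule with or without a user, so no proxy_auth ACL is ever evaluated for it, and the fourth rule is never reached for a CONNECT to www.google.com.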