OK so an update. I was able to bypass this but it seems like it might be a maintenance nightmare. I created the following ACLs:

    acl netscaler src 172.21.11.0/24
    acl direct dstdomain "/etc/squid3/sites.direct.txt"

Essentially we have a Citrix NetScaler that we use as a load balancer for a bunch of stuff and we have four squid proxies that use such a scheme but aren't doing any authentication at the moment (which is where this one comes into play). Unfortunately, all the traffic that squid sees is coming from the NetScaler (not really a big issue, but I digress). I created a list of dstdomains that I want all non-domain PCs and users with local accounts to access without authenticating. And so I created this http_access rule:

    http_access allow netscaler direct

So, for example, one of the domains is .adp.com. The problem becomes when I actually go to any adp.com site, I still get prompted for authentication. But if I hit cancel enough times, I eventually get to the page. This led me to believe that there are other domains at play here. So I've taken a look at the access.log in order to see what other TCP_DENIED entries I was getting. Turns out there were a whole bunch of other domains (like 20-30) that were also requested and thus why I was getting multiple prompts to log in. I added every single domain into the sites.direct.txt file and now I'm able to get to the site with no issues on non-domain PCs and domain-joined PCs that are used with local accounts only.

Is this the best way to actually accomplish this? I don't want to keep updating this txt file constantly every time adp modifies their site.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/unable-to-bypass-authentication-for-certain-domains-tp4675921p4675966.html
Sent from the Squid - Users mailing list archive at Nabble.com.
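The access.log review described in the message can be scripted. The following is an added example, not part of the original post: it lists hosts that were denied with a 407 from the NetScaler range and are not yet matched by the dstdomain list. It assumes Squid's native access.log format; the sample lines and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

NETSCALER = ipaddress.ip_network("172.21.11.0/24")  # src range of the post's "netscaler" acl

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE = """\
1455555555.123 12 172.21.11.5 TCP_DENIED/407 4012 CONNECT www.adp.com:443 - HIER_NONE/- text/html
1455555555.456 8 172.21.11.5 TCP_DENIED/407 3990 GET http://cdn.example.net/app.js - HIER_NONE/- text/html
1455555555.789 9 172.21.11.6 TCP_DENIED/407 3990 GET http://cdn.example.net/app.css - HIER_NONE/- text/html
1455555556.001 30 172.21.11.5 TCP_MISS/200 5120 GET http://static.example.org/logo.png - HIER_DIRECT/203.0.113.10 image/png
1455555556.200 7 10.0.0.9 TCP_DENIED/407 3990 GET http://other.example.com/ - HIER_NONE/- text/html
""".splitlines()

def host_of(method, url):
    """Destination host from the URL field (CONNECT is logged as host:port)."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def covered(host, dstdomains):
    """dstdomain matching: '.adp.com' covers adp.com and subdomains, 'adp.com' only itself."""
    for d in (x.lower() for x in dstdomains):
        if d.startswith("."):
            if host == d[1:] or host.endswith(d):
                return True
        elif host == d:
            return True
    return False

def missing_domains(log_lines, dstdomains):
    """Count 407-denied hosts seen from the NetScaler range that the list does not cover."""
    counts = {}
    for line in log_lines:
        f = line.split()
        if len(f) < 7 or not f[3].startswith("TCP_DENIED/407"):
            continue
        try:
            if ipaddress.ip_address(f[2]) not in NETSCALER:
                continue
        except ValueError:  # client field is not an IP address
            continue
        host = host_of(f[5], f[6])
        if host and not covered(host, dstdomains):
            counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    for host, n in sorted(missing_domains(SAMPLE, [".adp.com"]).items()):
        print(n, host)
```

Each reported host should be reviewed before it goes into sites.direct.txt, since every entry in that file is reachable without authentication.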