Hi, I’m Jerome and I m a novice with squid. With the documentation and the FAQ, I managed to create a LDAP authentification. Now I want to create an exception for 2 IP addresses. I did a search in the FAQ but I don’t understand how I can do this This is my squid.conf : #HOSTNAME PROXY visible_hostname proxy_dsi #PORT D ECOUTE http_port 8080 # Authentification LDAP auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "XXXXX" -D "CN=XXXi,OU=XXXX,OU=XXXX,OU=XXX,DC=XXX,DC=XXXX,DC=XXX" -w "SQUID42" -f sAMAccountName=%s -h 192.168.1.11 auth_param basic children 30 auth_param basic realm Merci de saisir vos identifiants AD6 auth_param basic credentialsttl 1 hours # Gestion des groupes AD d'appartenance external_acl_type ldap_group %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -b "DC=R06,DC=AN,DC=CNAV" -D "CN=proxydsi,OU=InfraReseaux,OU=_ComptesTechniques,OU=_UtilisateursSpecifiques,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV" -w "5quid4DSI@" -f "(&(objectclass=person) (sAMAccountname=%v)(memberof=CN=r06_gl_ProxyDSI,OU=InfraReseaux,OU=DSI,OU=_AccesApplications,OU=_RessourcesRegionales,OU=_Groupes,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV))" -h 50.50.99.11 # Cet appel se fait comme une fonction, acl ACL_NAME external ldap_group Le_Nom_Du_Groupe_A_chercher acl AD_USER external ldap_group r06_gl_ProxyDSI acl ldap-auth proxy_auth REQUIRED acl ldap-group external ldap_group PROXY_ALLOWED http_access deny !ldap-group http_access deny !ldap-auth http_access allow all #RESEAU AUTORISE acl VLan_etage src 192.168.1.0/24 # PORTS AUTORISES acl SSL_ports port 443 acl ports_ouverts port 80 acl ports_ouverts port 443 acl ports_ouverts port 21 acl ports_ouverts port 25 acl ports_ouverts port 110 acl ports_ouverts port 143 acl ports_ouverts port 5074 acl ports_ouverts port 7016 acl ports_ouverts port 8010 acl CONNECT method CONNECT # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # REDIRECTION SQUIDGUARD redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf redirect_children 50 #Configuration pour l'envoie de l'adresse IP & Nom a C-ICAP icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User #Cette partie permet de définir le comportement de c-icap icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all cache_mem 1333 MB minimum_object_size 3 KB maximum_object_size 2000 MB cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_store_log /var/log/squid3/store.log # Information communiquées dans les headers HTTP forwarded_for off -- Cordialement, Seuniac Jérôme. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
