Hello Fred,
thank you for your help!
Ok, I tried to insert a the acl in auth_param block as you described:
acl pdfdoc dstdomain webgate.ec.europa.eu
http_access allow password !pdfdoc
http_access allow pdfdoc
but no success was shown using the pdf-doc.
Then: Testing access to webgate.ec.europa.eu in browser squid asked me for a
password as usual.
Here my squid.conf in actual state (the file w7akt has some adresses for
novell and for w7-activation):
########################## Start
acl alle src 0.0.0.0/0.0.0.0
acl w7aktivierung dstdomain "/etc/squid/w7akt"
http_access allow w7aktivierung alle
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl wuCONNECT dstdomain novell.com
acl wuCONNECT dstdomain docs.live.net
acl wuCONNECT dstdomain d.docs.live.net
acl port_443 port 443
http_access allow CONNECT port_443
http_access allow CONNECT wuCONNECT
auth_param basic program /usr/sbin/squid_ldap_auth -b T=MYDOMAIN -f "uid=%s"
-s sub -h 192.168.1.1 acl password
auth_param basic children 10
auth_param basic realm Internetzugang im VERWALTUNGSNETZ FAL-BK: Bitte mit
den Daten aus diesem Netzwerk anmelden!
acl password proxy_auth REQUIRED
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
http_access allow password
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.1.0/23 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl QUERY urlpath_regex cgi-bin \?
no_cache deny query
acl FILE_MP3 urlpath_regex -i \.mp3$
http_access deny FILE_MP3
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 192.168.1.7:8080
hierarchy_stoplist cgi-bin ?
cache_mem 32 MB
cache_dir ufs /var/cache/squid 100 16 256
logformat combined %>a %ul %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
log_fqdn on
ftp_user Squid@xxxxxxxxxxxxxxxx
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr admini@xxxxxxxxxxxxxxxx
visible_hostname proxy.my-domainname.de
coredump_dir /var/cache/squid
###################### End
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-with-LDAP-authentication-bypass-selected-URLs-tp4676689p4676838.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
