On 21/11/17 06:56, Paul Hackmann wrote:
Amos,
If the website that is being asked for is not in the whitelist, won't it
fall through and ask for authentication? That is how it seems to work
to me. That's why I am thinking I need 2 different ports or something
to do what I want.
You do need two different ports regardless of the http_access rules. One
for the forward/explicit proxy traffic and one for the intercept/tproxy
traffic. The TCP IP:port details for each of those "modes" are given in
completely different ways and the HTTP message syntax is also different
so they *cannot* be delivered to the same ports.
A whitelist generally is formed from two lines, one allowing and one
denying everything else.
If 'everything else' is defined as just the stuff arriving in one
specific port you get this:

    http_port 3128
    http_port 3129 intercept
    acl portX myportname 3129
    http_access allow portX whitelist
    http_access deny portX
    http_access deny !login
    ...

Amos
PH
On Mon, Nov 20, 2017 at 11:38 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 21/11/17 05:02, Paul Hackmann wrote:
Hi all. I've got a fairly basic Squid config set up on Linux.
I have basic authentication set up on it to the default 3128
port, and it works just fine. I would like to keep this
configuration. However, I would like to set up another port
that only allows a certain whitelist of websites that doesn't
require or ask for authentication. I want to set this up for
certain apps that don't have proxy settings built into them. I
want Windows to be able to connect to some sites, but not
everything and if it can't reach the site, I don't want it to
ask for credentials. With my current configuration, it asks for
credentials for any app that is trying to connect to a
non-whitelisted website. Is this configuration possible and do
you have an example? Sorry if this has been answered before, I
am very green to Squid yet.
Simply place the http_access rules for handling that traffic above
the first line which requires authentication.

    http_access ... lines that don't require auth.
    acl login proxy_auth REQUIRED
    http_access deny !login
    http_access ... rules for authenticated users.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
Paul Hackmann
Sims TV/Haven Electronics
121 N. Vine St.
West Union, IA. 52175
563-422-5751
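
Added example, not part of the original thread and not Squid's own code: a simplified Python model of first-match http_access evaluation. It shows why a whitelist miss becomes a credential prompt when the whitelist is not tied to a port, and a plain denial with the port-scoped rules from the reply. The whitelist contents, the `allow login` line and the treatment of missing credentials as an immediate 407 are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass
class Request:
    port: str             # http_port the request arrived on
    host: str             # destination domain
    authed: bool = False  # valid proxy credentials supplied?

WHITELIST = {"update.example.com"}  # constructed sample whitelist

# An ACL returns True/False, or None when it needs credentials that are absent.
ACLS = {
    "portX": lambda r: r.port == "3129",
    "whitelist": lambda r: r.host in WHITELIST,
    "login": lambda r: True if r.authed else None,
}

# Whitelist placed above the auth rule but not tied to a port.
SINGLE = """
http_access allow whitelist
http_access deny !login
http_access allow login
"""

# Port-scoped rules from the reply; the final "allow login" line is an
# assumed stand-in for the elided rules for authenticated users.
PORT_SCOPED = """
http_access allow portX whitelist
http_access deny portX
http_access deny !login
http_access allow login
"""

def evaluate(conf, req):
    """Return 'allow', 'deny' (403) or 'challenge' (407) for one request."""
    action = "allow"  # an empty rule set therefore falls through to deny
    for line in conf.strip().splitlines():
        _, action, *names = line.split()
        for name in names:
            result = ACLS[name.lstrip("!")](req)
            if result is None:
                return "challenge"   # auth ACL reached without credentials
            if result == name.startswith("!"):
                break                # ACLs on a line are ANDed; one miss skips it
        else:
            return action            # first fully matching line decides
    return "deny" if action == "allow" else "allow"  # opposite of last line
```
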