On 5/03/2023 10:44 pm, Dott. Matteo Savatteri wrote:
Hello fellow Squid users,
we use Squid 3.5 at my company and we want to give access to all sites
to authenticated users. If a user is not authenticated we need to
allow only HTTP/S requests that present a referer header matching a
regex. Is this even possible?
I have tried a combination of proxy_auth and referer_regex ACLs with
no results. sslbump is working.
Try these rules:
# initial security protection
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# forbid access to cache manager from non-localhost
http_access deny manager !localhost
# leave the below commented to require a login for cache manager access
# http_access allow manager
# forbid unauthenticated, except when providing the special Referer
header
http_access deny !myreferer !password
# users not denied are allowed
http_access allow all
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
