Re: Proxy Auth from Robert Franklin on 1999-02-04 (squid-users)

From: Robert Franklin <R.C.Franklin@dont-contact.us>
Date: Thu, 4 Feb 1999 17:58:04 +0000 (GMT Standard Time)

On Thu, 04 Feb 1999 15:22:05 +0000 Steve Babb <steve@babb.org> wrote:

> ... My problem is
> basically that I do not know how to do it! and even if what I am
> suggesting is the right way.

The salient bits of what we have in our squid.conf:

authenticate_program /usr/squid/2.1p2/bin/ncsa_auth /usr/www/RDG.htpasswd

  acl passwd proxy_auth REQUIRED
  acl localnets-src src \
    134.225.0.0/16 192.133.244.0/24 192.100.154.0/24 192.171.166.0/24

http_access allow localnets-src passwd

The first line defines the program which authenticates (takes usernames +
passwords on stdin and write the success/failure to stdout).

The second and third lines define two ACLs... one for the password
authentication and one for the local subnets (note that I don't think you
can split a line over multiple lines using a backslash terminator; I've
just split the line for readability).

The fourth line says 'allow access if the request passes the ACLs
localnets-src and passwd'. i.e. allow the request if it originates on
one of our local subnets and the username/password are correct. The
fourth line should come above a line which denies access to other
requests.

Note: if you have more than one cache, you'll need to enable
unauthenticated access from peer caches:

acl localservers src wwwcache1-e1 wwwcache2-e1 wwwcache3-e1

http_access allow localservers

The http_access line here should come above the http_access line for
password authentication, above.

- Bob

P.S. Regarding my comment about '\' terminated lines in the config file?
Can you do this? I tried this and had a problem before - is it possible
in some way, or was I doing something wrong (I can't play about will our
caches here, to test at the moment).

----------------------------------------------------------------------------
  The Day Today ... because FACT times IMPORTANCE equals NEWS!
----------------------------------------------------------------------------
  Bob "Mince" Franklin ~{], CNE ;), MCSE ;) Tel. (0118) 931 8432
  Systems and Communications Fax. (0118) 975 3094
  IT Services R.C.Franklin@reading.ac.uk
  University of Reading, U.K. http://www.reading.ac.uk/~suq96rcf/
----------------------------------------------------------------------------
Received on Thu Feb 04 1999 - 11:02:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:26 MST