[squid-users] Limiting smb_auth to internal network and one external IP only

From: Bob Avery-Babel <Bob@dont-contact.us>
Date: Fri, 24 Jan 2003 12:32:21 -0600

I'm having a hard time composing acls that work. I'm hoping someone can
help. Thanks for the previous tips, I am a little further. :-)

I set up smb_auth to track connections by user name. That works very well.
squid prompts for a username and password.

The problem is, that I can configure an external browser outside of the
network to use the proxy and I get a username and password prompt there as
well.

I'm trying to figure out how to only have authentication be available to
users inside my network.

Here are the acls I have now:

acl domainusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mynetwork src 192.168.0.0/24
acl workmachine src 207.xxx.xxx.xxx

http_access allow localhost
http_access allow mynetwork
http_access allow domainusers !workmachine
#http_access allow workmachine
http_access deny all

So with the above ruleset I can access the authentication prompt from every
outside IP except my workstation which is outside of the network. :-)

Is there any acl that I could put in that would mention the "outside
network" and then make a line like this:

http_access allow domainusers !outsidenetwork

I thought I could add more restrictions to the group domainusers but these
lines didn't take when I tried to restart squid:

acl domainusers src 192.168.0.0/24 #local network
acl domainusers src 207.xxx.xxx.xxx #my work machine, external to the
network

I know I could block external requests to port 3128 but I'd like to be able
to figure it out from within squid.

Thanks all!

Bob
Received on Fri Jan 24 2003 - 11:32:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:50 MST