For our organization we restrict access to the internet for most with a
few acceptions. We use source IPs to control this, and only allow
specific defined external websites outside of our Intranet.
I need to allow a couple of users full access to the internet through the
proxy server. Direct access is not an option as we both incomming and
outgoing ports on the firewall locked with the acception of the VPN.
Using ACL Type: Username/Password pair seems plausible, although I only
want user authentication to promt the user when they need access to
restricted sites. In other words I would like to apply this rule to the
end of the ACL list and apply it just before the rule "http_access deny
all".
I understand that you must add the following to the squid.conf file.
authenticate_program /usr/local/squid/bin/ncsa_auth
/usr/local/squid/etc/passwd
Will this cause every user to authenticate every time they use their
web-browser to access the internet? Or will the rules defined in our ACL
follow in order and only prompt for user/password when all the conditions
in the ACL are not met?
Regards,
Jason
Received on Thu Mar 31 2005 - 14:18:50 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST