Re: [squid-users] Locking down WWW internet access

From: Christoph Haas <email@dont-contact.us>
Date: Tue, 5 Apr 2005 15:49:07 +0200

On Mon, Apr 04, 2005 at 11:12:35AM -0700, mlist@fitnessworld.ca wrote:
> We have 12 locations in our Intranet with all internet blocked except for
> a few selected websites. Some users need full access to the Internet.
> They use thin clients to a Debian server and are configured to access
> select sites through our Squid Proxy. Since we use one server per
> location, I cannot configure specific IP addresses from each client. The
> Proxy sees only the server IP. I think using User:Password
> Authentication would be the plausible solution. I need to know if it is
> possible to use User:Password authentication only when needed. Following
> the rules of the ACL, I need it only to prompt for username and password
> when the conditions are not met. I do not want it to prompt for
> user/password every time someone uses their web browser.
> I understand that you must add the following to the squid.conf file.
> authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
>
> Can it be placed as an ACL condition when my existing conditions are not met?

ACLs work like firewall rules. They are evaluated one after the other until
one matches. That one is run and the rest ignored. So an example would
be:

acl allowed_ips src 10.0.0.4 10.1.0.0/16 10.0.5.154
acl authentication proxy_auth REQUIRED
http_access allow allowed_ips
http_access allow authentication
http_access deny all

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Tue Apr 05 2005 - 07:49:23 MDT
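
Added example, not part of the original post and not Squid's own code: a simplified Python model of the first-match http_access evaluation described in the reply, using the reply's rules, to show which clients are let through without a prompt and which get a credential challenge. The evaluate() and acl_matches() helpers, the explicit "all" ACL definition and the sample requests are assumptions made for illustration.

```python
import ipaddress

# Rules copied from the reply above; the evaluator below is a simplified
# model of first-match http_access processing, not Squid's implementation.
ACLS = {
    "allowed_ips": ("src", ["10.0.0.4", "10.1.0.0/16", "10.0.5.154"]),
    "authentication": ("proxy_auth", "REQUIRED"),
    "all": ("src", ["0.0.0.0/0"]),  # assumed definition of the "all" ACL
}
HTTP_ACCESS = [
    ("allow", "allowed_ips"),
    ("allow", "authentication"),
    ("deny", "all"),
]


def acl_matches(name, client_ip, user):
    """Return True/False, or "challenge" when credentials are needed but absent."""
    kind, value = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(net) for net in value)
    if kind == "proxy_auth":
        # REQUIRED accepts any user the auth helper has validated.
        # user=None models a request with no (or rejected) credentials.
        return True if user is not None else "challenge"
    raise ValueError(f"unsupported ACL type: {kind}")


def evaluate(client_ip, user=None):
    """Walk http_access top to bottom; the first matching line decides."""
    for action, acl in HTTP_ACCESS:
        result = acl_matches(acl, client_ip, user)
        if result == "challenge":
            return "407 prompt for credentials"
        if result:
            return action
    return "deny"


if __name__ == "__main__":
    # Constructed sample requests: (client IP, validated user or None)
    samples = [("10.1.2.3", None), ("192.168.7.9", None), ("192.168.7.9", "alice")]
    for ip, user in samples:
        print(f"{ip:<12} user={user!s:<6} -> {evaluate(ip, user)}")
```

Because the src rule is listed first, requests from the listed addresses never reach the proxy_auth line and are never prompted; swapping the first two http_access lines would challenge every client.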
