Proxy authentication

From: Stephane Lentz <>
Date: Tue, 26 Nov 1996 11:58:45 +0100

With the curent version of SQUID (1.1beta23 now) , it's possible :

- to ask for proxy authentication for most machines
- to allow machines of a given domain (specified with the line :
        proxy_auth passwd_file [ ignore-domain ] token
in the squid.conf) to access without authentication to SQUID.

My problem and I do hope I'm not the only case, is that I want to allow
machines on several domains to access without authentication to SQUID
(ex : all machines on, machines and,
all machines like 170.121.* should have access to SQUID without proxy
authentication whereas all other machines should be asked for

Would it be possible to change squid so as to solve this problem ?

The solution would consist in (for instance) changing the acl syntax
in squid.conf. What about :
acl aclname src ip-address/netmask ... (clients IP address)
to add)

Example :
acl direct-access1 src 170.121.*/ noauth
acl direct-access2 src noauth
acl direct-access3 srcdomain noauth
acl access4 srcdomain auth

noauth : means requires no authentication auth : the other way \

It would be compulsory to make a lot of changes, especially in :
acl.c and acl.h and also cache_cf.c (the field proxyAuthIgnoreDomain
should be ignored from the instance Config of struct SquidConfig
through a #ifdef mecanism, USE_SIMPLE_PROXY_AUTH instead of
USE_PROXY_AUTH, USE_ACL_PROXY_AUTH as a new flag to enable this
new scheme). Of course, parsing should be modified.

What do you think of it ?

Stéphane Lentz (
Received on Tue Nov 26 1996 - 03:07:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:38 MST