Re: [SQU] Passing Username, Password and URL to authenticate program

From: Mark Myers <>
Date: Wed, 24 Jan 2001 08:19:06 -0800

Hmmm. That looks like it may be part of the answer to something I have been trying to figure out. I want to install squid caches at multiple remote locations on our WAN to improve performance of web-based applications, but I want to limit internet surfing to a few users at each. I have placed a default route in the remote router but have an ACL in the internet router that limits outbound internet traffic from that site to the squid box only. I don't need authentication, but would like to control access via individual PC's based on who is logged in. Since we use DHCP and I can't do it by IP address. Can I use what you described with identd running on the Win98/W2k workstations to identify the logged in user, allowing/denying based on the name returned by identd?

I am a squid novice, so don't be shy if you have a better way of approaching this.


From: "Robert Collins" <>

Dead easy.

Compile squid with AUTHENTICATE_ON_ACCEL (see the list yesterday or thereabouts - Henrik posted the exact steps). That will give
you authenticated acceleration capability.

From memory (and I may be wrong) you can also use url/url_regex/dst/dst_domain acl's with acceleration.


acl group1 proxy_auth john fred mary
acl group2 proxy_auth stephen mary joseph
acl server1 dst_domain
acl server2 dst_domain
acl server3 dst_domain

http_access allow group1 server1
http_access allow group1 server3
http_access allow group2 server2
http_access allow group2 server3

voila! no redirector, no alterations to squid :-]


To unsubscribe, see
Received on Wed Jan 24 2001 - 09:22:56 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:33 MST