Re: [squid-users] Allowing sites without proxy_auth?

From: Billy Macdonald <whmac33@dont-contact.us>
Date: Thu, 26 Aug 2004 22:56:56 -0700

Anthony wrote:

>Hello, I am only new to squid, and am looking to implement an extra
>"feature" in my workplace.
>
>At the moment, we are using proxy_auth to force all users to type their
>username and password before accessing any website.
>
>What I wish to do is to allow certain sites access without the need for a
>username/password. For example http://windowsupdate.microsoft.com
>
>I am aware I need to use ACLs, but am not sure what, or where, I need to
>put them in.
>Below is what I have in my squid.conf file for the ACL config.
>
>######## START squid.conf CODE ##########
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl allowed_hosts src 172.29.73.0/255.255.255.192
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80 # http
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl CONNECT method CONNECT
>acl ncsa_users proxy_auth REQUIRED
>
>
>http_access allow ncsa_users
>http_access deny manager all
>http_access allow allowed_hosts
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access deny all
>######## END squid.conf CODE ##########
>
>
>Any help would be much appreciated!!
>
>Kind regards,
>
>Anthony.

Change part of your rules to something like this:

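    # Match requests whose destination host is the Windows Update site
    acl windows_update dstdomain windowsupdate.microsoft.com

    # Exempt that site first, then require authentication for everything else
    http_access allow windows_update
    http_access allow ncsa_users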

By allowing access to the domain before allowing auth users, they will be
able to access that site without authenticating.

Billy
Received on Fri Aug 27 2004 - 00:00:48 MDT
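
A simplified model of the first-match evaluation behind this reordering, as an added example that is not part of the original thread and is not Squid's own code. The `evaluate` function, the sample requests and the user name are constructed, and only the rules relevant to the question are modelled.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumed: first rule whose ACLs all match decides; proxy_auth without creds -> 407.

class NeedsAuth(Exception):
    """A proxy_auth ACL was evaluated but the request carried no credentials."""

def dstdomain(pattern):
    # "example.com" matches that host only; ".example.com" also matches subdomains.
    def match(req):
        host = req["host"].lower()
        if pattern.startswith("."):
            return host == pattern[1:] or host.endswith(pattern)
        return host == pattern
    return match

def proxy_auth_required(req):
    if req.get("user") is None:
        raise NeedsAuth
    return True

def src_all(req):
    return True

def evaluate(rules, req):
    """Return 'allow', 'deny' or '407' for one request."""
    for action, acls in rules:
        try:
            if all(acl(req) for acl in acls):
                return action
        except NeedsAuth:
            return "407"
    return "deny"  # not reached here: every rule list below ends in "deny all"

def rules_with_exemption(pattern):
    return [("allow", [dstdomain(pattern)]),   # site exemption first
            ("allow", [proxy_auth_required]),  # then the authenticated users
            ("deny", [src_all])]

ORIGINAL = [("allow", [proxy_auth_required]), ("deny", [src_all])]
REORDERED = rules_with_exemption("windowsupdate.microsoft.com")

# Constructed sample requests (hypothetical user and hosts).
anon_wu = {"host": "windowsupdate.microsoft.com", "user": None}
anon_sub = {"host": "sub.windowsupdate.microsoft.com", "user": None}
anon_other = {"host": "www.example.com", "user": None}
alice_other = {"host": "www.example.com", "user": "alice"}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, [evaluate(rules, r) for r in (anon_wu, anon_sub, anon_other, alice_other)])
```

Because the exemption is written without a leading dot, it matches that exact host name only; requests to any other host name still reach the proxy_auth rule and get a 407.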
