I have Squid configured to authenticate users to our Active Directory
and verify that they're in the "Internet" group before allowing access
to the web.
However, there are some URLs that we want anyone to access without
requiring authentication. How would I configure Squid to bypass the
authentication acl for a list of sites, such as *.foo.com, bar.com,
and 172.16.*?
Here's the config:
http_port 8080
icp_port 0
cache_peer 127.0.0.1 parent 2543 7 proxy-only no-query
no-netdb-exchange login=*:nopassword default
maximum_object_size 25600 KB
cache_dir aufs /var/spool/squid 500 16 256
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 30 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy
auth_param basic credentialsttl 2 hours
acl ads dstdom_regex -i "/etc/squid/adservers"
http_access deny ads
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
/usr/lib/squid/wbinfo_group.pl
acl internetusers external nt_group internet
http_access allow internetusers
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow PURGE localhost
acl winbind proxy_auth REQUIRED
http_access allow localhost
http_access deny all
http_reply_access allow all
forwarded_for off
never_direct allow all
coredump_dir /var/spool/squid
Received on Fri Feb 04 2005 - 15:05:11 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST