Re: [squid-users] no auth for one domain? from Terry Dobbs on 2006-02-24 (squid-users)

From: Terry Dobbs <terry.dobbs@dont-contact.us>
Date: Fri, 24 Feb 2006 20:43:44 -0500

The dstdomain workaround works perfectly. I had a training site users needed
to access that contained WMPlayer streams, and users couldnt hear the
background speech and would get prompted for the userid/passwd.

I did the following... 1st add a ACL for the domain.
acl NTLM_Bypass dstdomain foobar.com

Then allow the domain access, then the Authorized Users
http_access allow NTLM_Bypass
http_access allow AuthorizedUsers

----- Original Message -----
From: "nairb rotsak" <ipguru99@yahoo.com>
To: "Mark Elsen" <mark.elsen@gmail.com>
Cc: <squid-users@squid-cache.org>
Sent: Friday, February 24, 2006 3:57 PM
Subject: Re: [squid-users] no auth for one domain?

> We ended up using AD Group policy to not go through
> the proxy for that site... not ideal, but just to make
> sure I understand the other way to do it....
>
> You can put the http_access with the acl before the
> http_access allow_ntlm and it should work?
>
> --- Mark Elsen <mark.elsen@gmail.com> wrote:
>
>> > Is it possible to have my ntlm users go around 1
>> > domain? We can't seem to get a state web site
>> (which
>> > uses a weird front end to it's client... but it
>> ends
>> > up on the web) to go through the proxy. When we
>> sniff
>> > the traffic locally, it is popping up a 407, but
>> their
>> > isn't anyway to log in.
>> >
>> > I tried to put an acl and http_access higher in
>> the
>> > list in the .conf, but that didn't seem to matter?
>> >
>>
>> It would have been more productive to show that
>> line, which you put
>> for that domain in squid.conf, offhand & probably it
>> should
>> resemble something like this :
>>
>> acl ntlm_go_around dstdomain name-excluded-domain
>> ...
>>
>> http_access allow ntlm_go_around
>> http_access allow ntlm_users (provided proxy
>> AUTH ACL is named 'ntlm_users')
>>
>> M.
>>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006
>
>

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006

Received on Fri Feb 24 2006 - 18:42:22 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:04 MST