[squid-users] Re: Re: Re[squid-users] cording username for secure connection

From: molybtek <moses_truong_at_ntm.org.pg>
Date: Sun, 3 May 2009 15:21:45 -0700 (PDT)

Amos Jeffries-2 wrote:
>
> Well, since you allow all those updates, and private domain accesses,
> and CONNECT requests already before any authentication is asked for you
> wont get any auth details for most of those requests (sometimes you will
> get the by chance luck).
>
> Here is a simplified set of http_access which do the same thing but add
> auth requirements on CONNECT:
>
>
> acl ms_activate dstdomain wustat.windows.com .windowsupdate.com
> acl ms_activate dstdomain .microsoft.com
>
> http_access allow ms_activate
> http_access allow educationsite_allow
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports !Messengers
> http_access allow require_auth
> http_access deny all
>
>
> PS. If you did want the messengers to get through without auth details
> beign logged then add this back in just above the require_auth.
> http_access allow CONNECT Messengers
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> Current Beta Squid 3.1.0.7
>
>

Thanks Amos for helping clear things out - yea we had to allow those
microsoft updates to go through without authentication because sometimes the
updates fail because it doesn't work behind a firewall:(

Just wondering, from Microsoft's knowledgebase
http://support.microsoft.com/kb/921471, it lists a few URLs that needs to go
through without authenitcation, so for example, to let
http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
through without authentication, without having to open the entire Microsoft
site, would I have to use url_regex as
acl ms_activate url_regex
^http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl

Thanks.
moses

-- 
View this message in context: http://www.nabble.com/Recording-username-for-secure-connection-tp23326582p23360542.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Sun May 03 2009 - 22:21:49 MDT

This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 12:00:01 MDT