Re: [squid-users] Squid whitelist question from Amos Jeffries on 2010-09-03 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 04 Sep 2010 15:50:22 +1200

Prakash Velayutham wrote:
> Hello all,
>
> I am a squid newbie, but have searched the documentation almost
> thoroughly, but can't find answer to this specific question.

You have been seeking the wrong thing. What you need to be reading the
documentation for is knowledge. Understanding how the access controls in
Squid work is far more useful than a simple few lines of config.

The worst 'it wont work' complaints we get here are people cut-n-pasting
perfectly working examples into the wrong places of their squid.conf
because they did not understand it.

To explain this. The solution you are looking for is:
acl someUser src 10.1.2.3
http_access allow someUser

Now, does that help with you using it? no.

To figure out where to place it requires understanding of what you
already have in your squid.conf and what other network policies are
altered by it.

We can easily say "place it before your authentication access controls".
Which perfectly and clearly describes where it goes. But again, you need
to understand what and where those authentication control themselves are.

>
> I have a Squid server (3.0-48) running. I would like one of the clients

"-48" ? wow! Somebody has done a LOT of custom patching. I'm only up
to 3.0.25 on the official releases of that series.

Where did this package come from?

> (either IP address or name will work) be able to go out to the wide

NP: name will not work. Name is retrieved by doing authentication, which
you said needs to be omitted.

> world without authentication through this Squid server through a regex
> whitelist like *, but all other clients be required to authenticate,
> except for those sites that are in a different restricted whitelisted URLs.
>
> I am sure many out there has this setup, but just can't find it in the
> documentation.

The knowledge you need begins here:
http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes

when you understand that re-read your squid.conf http_access rules and
my texts at the top of this email.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.7
   Beta testers wanted for 3.2.0.1

Received on Sat Sep 04 2010 - 03:50:30 MDT

This archive was generated by hypermail 2.2.0 : Sat Sep 04 2010 - 12:00:02 MDT