Re: [squid-users] Squid whitelist question from Prakash Velayutham on 2010-09-03 (squid-users)

From: Prakash Velayutham <prakash.velayutham_at_cchmc.org>
Date: Sat, 4 Sep 2010 00:26:50 -0400

Thanks Amos. I have it figured out now, but I can't say I understand
it all though.

Prakash

On Sep 3, 2010, at 11:50 PM, Amos Jeffries wrote:

> Prakash Velayutham wrote:
>> Hello all,
>> I am a squid newbie, but have searched the documentation almost
>> thoroughly, but can't find answer to this specific question.
>
> You have been seeking the wrong thing. What you need to be reading
> the documentation for is knowledge. Understanding how the access
> controls in Squid work is far more useful than a simple few lines of
> config.
>
> The worst 'it wont work' complaints we get here are people cut-n-
> pasting perfectly working examples into the wrong places of their
> squid.conf because they did not understand it.
>
> To explain this. The solution you are looking for is:
> acl someUser src 10.1.2.3
> http_access allow someUser
>
> Now, does that help with you using it? no.
>
> To figure out where to place it requires understanding of what you
> already have in your squid.conf and what other network policies are
> altered by it.
>
> We can easily say "place it before your authentication access
> controls". Which perfectly and clearly describes where it goes. But
> again, you need to understand what and where those authentication
> control themselves are.
>
>> I have a Squid server (3.0-48) running. I would like one of the
>> clients
>
> "-48" ? wow! Somebody has done a LOT of custom patching. I'm only up
> to 3.0.25 on the official releases of that series.
>
> Where did this package come from?
>
>> (either IP address or name will work) be able to go out to the wide
>
> NP: name will not work. Name is retrieved by doing authentication,
> which you said needs to be omitted.
>
>> world without authentication through this Squid server through a
>> regex whitelist like *, but all other clients be required to
>> authenticate, except for those sites that are in a different
>> restricted whitelisted URLs.
>> I am sure many out there has this setup, but just can't find it in
>> the documentation.
>
> The knowledge you need begins here:
> http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes
>
> when you understand that re-read your squid.conf http_access rules
> and my texts at the top of this email.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.7
> Beta testers wanted for 3.2.0.1
Received on Sat Sep 04 2010 - 04:27:13 MDT

This archive was generated by hypermail 2.2.0 : Sat Sep 04 2010 - 12:00:02 MDT