With the curent version of SQUID (1.1beta23 now) , it's possible :
- to ask for proxy authentication for most machines
- to allow machines of a given domain (specified with the line :
proxy_auth passwd_file [ ignore-domain ] token
in the squid.conf) to access without authentication to SQUID.
My problem and I do hope I'm not the only case, is that I want to allow
machines on several domains to access without authentication to SQUID
(ex : all machines on x.dummy.com, machines 170.120.12.44 and
170.120.12.45,
all machines like 170.121.* should have access to SQUID without proxy
authentication whereas all other machines should be asked for
identication)
Would it be possible to change squid so as to solve this problem ?
The solution would consist in (for instance) changing the acl syntax
in squid.conf. What about :
acl aclname src ip-address/netmask ... (clients IP address)
(auth|noauth)
^^^^^^^^^^^^^
(field
to add)
Example :
acl direct-access1 src 170.121.*/255.255.255.0 noauth
acl direct-access2 src 170.120.12.44/255.255.255.255 noauth
acl direct-access3 srcdomain x.strangers.com noauth
acl access4 srcdomain y.strangers.com auth
noauth : means requires no authentication auth : the other way \
It would be compulsory to make a lot of changes, especially in :
acl.c and acl.h and also cache_cf.c (the field proxyAuthIgnoreDomain
should be ignored from the instance Config of struct SquidConfig
through a #ifdef mecanism, USE_SIMPLE_PROXY_AUTH instead of
USE_PROXY_AUTH, USE_ACL_PROXY_AUTH as a new flag to enable this
new scheme). Of course, parsing should be modified.
What do you think of it ?
-- Stéphane Lentz (Stephane.Lentz@ansf.alcatel.fr)Received on Tue Nov 26 1996 - 03:07:00 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:38 MST