[squid-users] FYI : Allow connect specify https website

From: Niti Lohwithee <nitil@dont-contact.us>
Date: Mon, 12 Jul 2004 09:54:06 +0700

Dear Squid Group,

I am using Squid 2.5 STABLE1 with kernel 2.4.xxx. My requirement is
that everyone can connect to the SSL website
https://sonic2.tac.co.th/bp3/bin/Index without authentication. By
default, users must authenticate via the last rule of http_access. The
details of my squid.conf configuration file are below.

Squid configuration
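#################################
# authentication section
#################################
# Proxy authentication uses the Basic scheme, checked by the ncsa_auth helper
# against the password file given as its argument.
# NOTE(review): Basic credentials are only base64-encoded between browser and
# proxy, so anyone able to observe that network path can recover them.
auth_param basic program /squid/bin/ncsa_auth /squid/etc/passwd
# Number of helper processes started to answer authentication lookups.
auth_param basic children 64
# Realm text shown in the browser's login prompt.
auth_param basic realm Squid proxy-caching web server
# How long a validated username/password pair is trusted before the helper is
# asked again.
auth_param basic credentialsttl 2 hours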

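#######################
# Access List for policy
########################
# Lines that the mail client had wrapped are rejoined here: an acl definition
# must sit on one line, and a bare continuation line is not a valid directive.

# Generic source, destination and protocol classes.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

# Port classes. SSL_ports limits where CONNECT tunnels may go; Safe_ports is
# the list of ports the proxy will talk to at all.
acl SSL_ports port 443 563
acl scb_port port 9000 443 563 # scb port 9000
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# NOTE(review): port 700 is not part of Safe_ports above.
acl NationWeb_ports port 700 # nation web site use to send online data
acl http7779_port port 7779 # for access www.dbd.go.th
acl CONNECT method CONNECT

# Destination classes loaded from external list files.
acl bothost dstdomain "/usr/local/squid/etc/filter_bot_domain.txt"
acl filter_local_domain dstdomain "/usr/local/squid/etc/filter_local_domain.txt"
acl filter_dmz_domain dstdomain "/usr/local/squid/etc/filter_dmz_domain.txt"
acl filter_special_domain dstdomain "/usr/local/squid/etc/filter_special_domain.txt"
acl filter_intranet_host dst "/usr/local/squid/etc/filter_intranet_host.txt"
acl filter_pager_domain dstdomain "/usr/local/squid/etc/filter_pager_domain.txt"
acl filter_pager_host dst "/usr/local/squid/etc/filter_pager_host.txt"
acl dataone dst "/usr/local/squid/etc/dataone.txt"
acl filter_pager_url url_regex "/usr/local/squid/etc/filter_pager_url.txt"
acl ais900 url_regex ^http://www.ais900.com/vas
acl ais900path urlpath_regex \.gif$
acl filter_x_domain dstdomain "/usr/local/squid/etc/filter_x_domain.txt"
acl filter_x_domain2 dstdomain "/usr/local/squid/etc/filter_x_domain2.txt"

# Client (source address) classes loaded from external list files.
acl host_allowed src "/usr/local/squid/etc/host_allowed.txt"
acl host_secureid src "/usr/local/squid/etc/host_secureid.txt"
acl host_cho src "/usr/local/squid/etc/host_cho.txt"
acl host_special src "/usr/local/squid/etc/host_special.txt"
acl filter_spedia_user src "/usr/local/squid/etc/filter_spedia_user.txt"
acl filter_badip src "/usr/local/squid/etc/filter_badip.txt"
########### Add acl at here ########################
# Destinations meant to be reachable over SSL without a login. The closing
# quote was missing from the file name as posted.
# NOTE(review): the file list at the end of the message names this file
# special_domain.txt, not allow_ssl.txt - confirm which name exists on disk.
# NOTE(review): the entry shown there, .tac.co.th, matches every host in that
# domain; listing sonic2.tac.co.th alone would keep the exemption to the one
# site named in the requirement.
acl special_domain dstdomain "/usr/local/squid/etc/allow_ssl.txt"
#################################################
# User classes. Any proxy_auth ACL makes Squid ask for credentials when it is
# evaluated.
acl passwd proxy_auth REQUIRED
acl userbot proxy_auth sctbot
acl user_scb proxy_auth "/usr/local/squid/etc/filter_scb_user.txt"
# Time and protocol classes (S = Sunday, A = Saturday). These are not
# referenced by the http_access rules shown in this message.
acl worktime time 07:30-16:30
acl sunday time S
acl saturday time A
acl service_ftp proto FTP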

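# http_access rules are evaluated top to bottom; the first line whose ACLs all
# match decides the request, so the order below is significant.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Users listed in filter_scb_user.txt may use ports 9000/443/563. This line
# sits before the port checks below, so for those users it also admits CONNECT
# to port 9000.
http_access allow scb_port user_scb
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# NOTE(review): port 700 is not in Safe_ports, so "deny !Safe_ports" above
# already rejects it and this allow is never reached.
http_access allow NationWeb_ports

# Destination-based allows. None of these lines carries a src or proxy_auth
# ACL, so they apply to any client that can reach the proxy, without a login.
http_access allow filter_local_domain
http_access allow filter_special_domain
http_access allow filter_intranet_host
http_access allow filter_pager_domain
http_access allow filter_pager_host
http_access allow dataone
http_access allow filter_pager_url
http_access allow ais900 ais900path
# Blocked destinations and blocked clients.
http_access deny filter_x_domain
http_access deny filter_x_domain2
http_access deny filter_spedia_user
http_access deny filter_badip
# Clients admitted by source address alone, without a login.
http_access allow host_secureid
http_access allow host_special
############ Add http access at here#####
# NOTE(review): this rule only denies. It rejects every request to port
# 443/563 whose destination is outside special_domain, including requests from
# users who would otherwise log in, and it does not itself admit
# special_domain. Requests for special_domain fall through to the proxy_auth
# rules below and still get a login prompt.
# To exempt the listed site from authentication, an allow rule is needed
# before the first proxy_auth line ("deny !bothost userbot"), for example:
#   http_access allow host_allowed CONNECT SSL_ports special_domain
# Keeping host_allowed in that rule limits the exemption to the intranet
# addresses instead of every client that can reach the proxy. If other HTTPS
# sites should stay reachable after login, the deny below has to be removed.
# On CONNECT the proxy sees only host:port, so the exemption covers the whole
# host, not just the /bp3/bin/Index path.
# ACL name spelled to match its definition (SSL_ports).
http_access deny SSL_ports !special_domain
#####################################
# Evaluating userbot or passwd triggers the authentication challenge.
http_access deny !bothost userbot
http_access allow host_allowed passwd
http_access deny all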

Text file
[special_domain.txt]
.tac.co.th

[host_allow.txt ]
all Intranet ip address

Any Advice ?

Regards and Thank you in advance
Niti
Received on Sun Jul 11 2004 - 20:52:12 MDT
