The other thing you can try is to have those users in a specific block of LAN addresses and create an ACL that allows access for hosts in that block only.
acl SpecialHosts src 172.25.1.13/255.255.255.255
http_access allow SpecialHosts
http_access allow AuthorisedUsers
The above example just allows the single host -172.25.1.13- through the proxy unauthenticated.
You will have to make sure the 'SpecialHosts' http_access statement is above the Authorised users acl.
Hope this helps,
Brad.
Network Administrator
Alphawest Services Pty Ltd
Tel: (61 2) 9682 4992
Fax: (61 2) 9682 5449
<http://www.alphawest.com.au>
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, 10 November 2004 8:23 PM
To: tony bologna
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] optional authenication
On Wed, 10 Nov 2004, tony bologna wrote:
> Is it possible to concoct a sequence of ACLs that would permit a user to
> access the proxy if they entered incorrect authentication information?
Not really, but see below.
> I am using NTLM authentication, and would like to allow users that are
> not logged into the domain or otherwise do not have an AD account to use
> the proxy.
You could use the fake_auth helper.. this accepts any username+password
(when it works at all).
It obviously makes it trivial for your users to spoof their identities.
Regards
Henrik
Received on Wed Nov 10 2004 - 16:47:00 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST