Re: [squid-users] Auth per url

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 09 Oct 2012 12:16:59 +1300

On 09.10.2012 10:28, Randall Maharaj wrote:
> Hi Guys,
>
> Do you know if it possible in Squid 2.6 to have it authenticate ncsa
> users per url?
>
> For instance i would like Squid to allow access to all other websites
> and only have users authenticate for one url.
>
> I've been trying it in ACLs but it doesn't seem to be working.
>
> Is this at all possible?

Yes and no. HTTP is stateless and so requires credentials to be sent on
every single request.

So to only authenticate one URL you add something like this to your
config:

   acl auth proxy_auth REQUIRED
   acl url url_regex http://example\.com/index\.html

   # only request authentication when 'url' matches.
   http_access allow url auth
   http_access ...

However, to operate as you describe with credentials ONLY on the one
URL will require the client software participating. It is valid (but
costly) to not send credentials unless explicitly challenged for them
with a 401/407 status. Most clients will optimize their behaviour to
reduce bandwidth and slow load times that creates, by continuing to send
credentials on all requests once they are informed of a need for
authentication.

Amos
Received on Mon Oct 08 2012 - 23:17:04 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 09 2012 - 12:00:03 MDT