Re: [squid-users] Auth per url

From: Randall Maharaj <randallmaharaj_at_gmail.com>
Date: Mon, 8 Oct 2012 20:05:48 -0400

Thanks Amos,

 I've decided to send the queries for the url to another parent proxy
however this is breaking authentication.

 Do you know if there is a way to pass on the Parent's authentication
to the client directly?

On 8 October 2012 19:16, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 09.10.2012 10:28, Randall Maharaj wrote:
>>
>> Hi Guys,
>>
>> Do you know if it possible in Squid 2.6 to have it authenticate ncsa
>> users per url?
>>
>> For instance i would like Squid to allow access to all other websites
>> and only have users authenticate for one url.
>>
>> I've been trying it in ACLs but it doesn't seem to be working.
>>
>> Is this at all possible?
>
>
> Yes and no. HTTP is stateless and so requires credentials to be sent on
> every single request.
>
> So to only authenticate one URL you add something like this to your config:
>
> acl auth proxy_auth REQUIRED
> acl url url_regex http://example\.com/index\.html
>
> # only request authentication when 'url' matches.
> http_access allow url auth
> http_access ...
>
>
> However, to operate as you describe with credentials ONLY on the one URL
> will require the client software participating. It is valid (but costly) to
> not send credentials unless explicitly challenged for them with a 401/407
> status. Most clients will optimize their behaviour to reduce bandwidth and
> slow load times that creates, by continuing to send credentials on all
> requests once they are informed of a need for authentication.
>
> Amos
>
Received on Tue Oct 09 2012 - 00:05:55 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 09 2012 - 12:00:03 MDT