Proxy authentication

From: Stephane Lentz <[email protected]>
Date: Tue, 26 Nov 1996 11:58:45 +0100

With the curent version of SQUID (1.1beta23 now) , it's possible :

- to ask for proxy authentication for most machines
- to allow machines of a given domain (specified with the line :
        proxy_auth passwd_file [ ignore-domain ] token
in the squid.conf) to access without authentication to SQUID.

My problem and I do hope I'm not the only case, is that I want to allow
machines on several domains to access without authentication to SQUID
(ex : all machines on x.dummy.com, machines 170.120.12.44 and
170.120.12.45,
all machines like 170.121.* should have access to SQUID without proxy
authentication whereas all other machines should be asked for
identication)

Would it be possible to change squid so as to solve this problem ?

The solution would consist in (for instance) changing the acl syntax
in squid.conf. What about :
acl aclname src ip-address/netmask ... (clients IP address)
(auth|noauth)
                                                                
^^^^^^^^^^^^^
                                                                (field
to add)

Example :
acl direct-access1 src 170.121.*/255.255.255.0 noauth
acl direct-access2 src 170.120.12.44/255.255.255.255 noauth
acl direct-access3 srcdomain x.strangers.com noauth
acl access4 srcdomain y.strangers.com auth

noauth : means requires no authentication auth : the other way \

It would be compulsory to make a lot of changes, especially in :
acl.c and acl.h and also cache_cf.c (the field proxyAuthIgnoreDomain
should be ignored from the instance Config of struct SquidConfig
through a #ifdef mecanism, USE_SIMPLE_PROXY_AUTH instead of
USE_PROXY_AUTH, USE_ACL_PROXY_AUTH as a new flag to enable this
new scheme). Of course, parsing should be modified.

What do you think of it ?

-- 
St�phane Lentz (Stephane.Lentz@ansf.alcatel.fr)
Received on Tue Nov 26 1996 - 03:07:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:38 MST