RE: [squid-users] optional authenication

From: Brad Larden <[email protected]>
Date: Thu, 11 Nov 2004 10:46:56 +1100

The other thing you can try is to have those users in a specific block of LAN addresses and create an ACL that allows access for hosts in that block only.

acl SpecialHosts src 172.25.1.13/255.255.255.255
http_access allow SpecialHosts
http_access allow AuthorisedUsers

The above example just allows the single host -172.25.1.13- through the proxy unauthenticated.
You will have to make sure the 'SpecialHosts' http_access statement is above the Authorised users acl.

Hope this helps,
Brad.

 
Network Administrator
Alphawest Services Pty Ltd
Tel: (61 2) 9682 4992
Fax: (61 2) 9682 5449
<http://www.alphawest.com.au>

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, 10 November 2004 8:23 PM
To: tony bologna
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] optional authenication

On Wed, 10 Nov 2004, tony bologna wrote:

> Is it possible to concoct a sequence of ACLs that would permit a user to
> access the proxy if they entered incorrect authentication information?

Not really, but see below.

> I am using NTLM authentication, and would like to allow users that are
> not logged into the domain or otherwise do not have an AD account to use
> the proxy.

You could use the fake_auth helper.. this accepts any username+password
(when it works at all).

It obviously makes it trivial for your users to spoof their identities.

Regards
Henrik
Received on Wed Nov 10 2004 - 16:47:00 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST