I use simple NCSA. Then add small password file to NCSA directory.
This password file is changed EVERY day, at 08:00am and 17:00pm. User
have to call in to get the username/password of that day before
they're able to use this office's squid (another way to audit who's
working or not :-D)
# heh! this line is extract from the very old 2.0 conf
authenticate_program /usr/local/squid/bin/ncsa /usr/local/squid/etc/registered
# this two lines never change eventhough it's now 2.6
acl MEMBER proxy_auth REQUIRED
http_access deny !MEMBER
2008/6/13, ffredrixson_at_comcast.net <ffredrixson_at_comcast.net>:
>
> -------------- Original message ----------------------
> From: Amos Jeffries <squid3_at_treenet.co.nz>
> > ffredrixson_at_comcast.net wrote:
> > > I'm trying to provide an externally available proxy to our employees. This way
> > they can have the same basic protection when traveling that they get when
> > they're inside our corporate walls.
> > >
> > > What acls or rules do I need to be looking at?
> > >
> > > I'm a newbie and just trying to keep my job.
> > >
> > > Thank you in advance.
> >
> > Safest ones are auth IMO. They can use any net connection, and link in
> > through the proxy to get anywhere.
> > After the local accepts and before the global external denial.
> >
> > Amos
> > --
> > Please use Squid 2.7.STABLE2 or 3.0.STABLE6
>
>
> Thank you for your quick reply.
>
> What auth would you recommend? The powers above decided it shouldn't be Active Directory. What other auth is recommended? is there any based on a cert installed on the laptops? Or could it be cookie based? (I know it sounds like a dumb question but I know I'll be asked) Anything to avoid login and password would be great.
>
> Thank you again.
>
-- ... Lyrics of the Forest ...Received on Fri Jun 13 2008 - 14:42:06 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 14 2008 - 12:00:03 MDT