[squid-users] Squid ACL, SSL-BUMP and authentication questions

squid at icshk.com squid at icshk.com
Fri Nov 7 10:04:57 UTC 2014


Hi Amos,

The configuration I post last time still cannot accomplish the tasks. So, you mean the "CONNECT" ACL and must pair with normal "GET" command ACL to be evaluated by squid ? 

Best,
Kelvin Yip

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Friday, November 07, 2014 4:29 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid ACL, SSL-BUMP and authentication questions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/11/2014 8:35 p.m., squid-list wrote:
> Hi, * **"Access to google maps(https://www.google.com/maps) should 
> prevent any authentication need"*
> 
> I could understand that all users should be able to access the google 
> maps link without any authentication. For this you could add the site 
> acl before the authentication part in the squid conf. So that users 
> will not prompt for the authentication when the user try to access the 
> google map site. But when they try to access any other site 
> authentication will be prompted.

This cannot be done.

You can authenticate the user setting up a CONNECT tunnel, OR you can bypass authentication for them.

That authentication choice applies equally all requests sent over the tunnel. Whether they are for maps or for any other Google service. And it must be made *before* the tunnel is setup. Thus *before* the URL inside the tunnel becomes known.


Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUXIKwAAoJELJo5wb/XPRjMoMH/2yCMjxisbxWBAYnp+96908O
W46taJk7kqwUbtv76aOsSEcPpc3cBl4E+nFv7cQofRqgobcR2wTsJtgRupjuIgSb
SYPQKqJolbs/7wF5nhxbggewSfRU7B21aULKStkXV7BUWNlUIaV1vUsv+J1JV8OP
U/HkcVeXny1khCjF9nEKeXNUpOioUQ0LpPboAOrLnfZZfY098NkGubJF04/stUCQ
QXIErZ8cwX7yJ1x+yIwlVw4KVbtGaBJ8dd8PH4q3DknzAVxfJ0LZgYJC3nKTQMZ3
vUTMV33Rf94Y9x/yNrs6AVWcR3rLl08GkpFv3owqItkHa1hi7yFCuEg5e3bOFFA=
=AMi0
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list