[squid-users] ACL and outgoing IP
Antony Stone
Antony.Stone at squid.open.source.it
Tue Dec 27 16:30:05 UTC 2016
On Tuesday 27 December 2016 at 17:03:52, qdmetro wrote:
> I have a squid connected behind a firewall. On the firewall, only the Ip of
> the squid (192.168.1.1) is allowed to go on Internet.
>
> Usually, when a user authenticate itself on the proxy, all the requests use
> the outgoing IP of the squid (192.168.1.1) so the can access to the
> website. I want to allow some websites to be reachable without
> authentication (especially for the activation of windows licences). I've
> tried this :
>
> /acl Microsoft dstdomain .microsoft.com
> http_access allow Microsoft/
>
> With this configuration, the requests don't use the outgoing Ip of the
> proxy anymore, so they come to my firewall with the source IP of the
> client (which is not allowed to go on the Internet).
> I've tried this to force the outgoing IP for this acl :
>
> /tcp_outgoing_address 192.168.1.1 Microsoft/
>
> but the request still don't use the IP of the proxy.
>
> Maybe this kind of configuration isn't possible, or I miss something...
Show us your full squid.conf (just post it here in a reply, omitting comments
and blank lines).
That should give us more useful information to go on.
Antony.
--
I don't know, maybe if we all waited then cosmic rays would write all our
software for us. Of course it might take a while.
- Ron Minnich, Los Alamos National Laboratory
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list