[squid-users] unable to bypass authentication for certain domains

[lravelo]

OK so an update. I was able to bypass this but it seems like it might be a
maintenance nightmare. I created the following acl's:acl netscaler	src		
172.21.11.0/24acl direct		dstdomain	       
"/etc/squid3/sites.direct.txt"essentially we have a Citrix NetScaler that we
use as a load balancer for a bunch of stuff and we have four squid proxies
that use such a scheme but aren't doing any authentication at the moment
(which is where this one comes into play). Unfortunately, all the traffic
that squid sees is coming from the NetScaler (not really a big issue, but I
digress). I created a list of dstdomains that I want all non-domain PC's and
users with local accounts to access without authenticating. And so I created
this http_access rule:http_access allow netscaler directSo, for example, one
of the domains is .adp.com. The problem becomes when I actually go to any
adp.com site, I still get prompted for authentication. But if I hit cancel
enough times, I eventually get to the page. This led me to believe that
there are other domains at play here. So I've taken a look at the access.log
in order to see what other TCP_DENIED entries I was getting. Turns out there
were a whole bunch of other domains (like 20-30) that were also requested
and thus why I was getting multiple prompts to log in. I added every single
domain into the sites.direct.txt file and now I'm able to get to the site
with no issues on non-domain PC's and domain-joined PC's that are used with
local accounts only.Is this the best way to actually accomplish this? I
don't want to keep updating this txt file constantly every time adp modifies
their site.



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/unable-to-bypass-authentication-for-certain-domains-tp4675921p4675966.html
Sent from the Squid - Users mailing list archive at Nabble.com.