[squid-users] squid asking for authentication repeatedly

Paul Hackmann phackmann at gmail.com
Fri Dec 15 21:23:55 UTC 2017


Amos,

Understood.  I think it is all working correctly now.  Thank you!

PH

On Wed, Dec 13, 2017 at 7:35 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 14/12/17 11:32, Paul Hackmann wrote:
>
>> Amos,
>>
>> I will do an update to the most recent version and see if that helps.  It
>> was one of those situations where if it ain't broke, don't fix it.  And up
>> until now, it has worked very well.
>>
>> You are right, I had brain fade about port 4120.  It should NOT ask for
>> authentication ever, and only connect to whitelisted sites, which is what I
>> want.
>>
>> I've made the changes you recommended to the conf file.  So far,
>> everything seems to be working as I expect it to.  Thank you!
>>
>> One more question if you don't mind.  I am trying to add some ip
>> addresses as whitelisted for port 4120.  I guess I can't add those to the
>> whitelist file, because it's formatting doesn't work with IP addresses?
>>
>
> Sort of. dstdomain can accept IPs for matching against raw-IP text strings
> in URLs where domain should have been. But does not do ranges like you need
> there.
>
> So yes dst is the one to use there.
>
> However, be aware that it will match if *any* IPs for the domain being
> fetched is in your whitelist set. It has nothing to do with whether that
> matching dst-IP is actually used by Squid on the server connection.
> To workaround that is where explicitly configuring "never_direct allow
> all" comes in handy.
>
>
>   I read that you can add them into the conf file.  I've created the
>> following acl line:
>>
>> acl 8x8 dst 8.5.248.0/23 8.28.0.0/22 63.209.12.0/24 162.221.236.0/23
>> 162.221.238.0/23 192.84.16.0/22
>>
>> and I tried to add 8x8 to the the http_access line:
>>
>> http_access allow whitelist 8x8
>>
>> but when I did that, the 4120 port started asking for authentication,
>> which is wrong. Can you tell me how to open those ip address ranges for
>> port 4120?
>>
>>
> Your use of http_access is not quite right.
>
> see <https://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes>
>
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171215/74656c59/attachment.html>


More information about the squid-users mailing list