[squid-users] Fallback auth method

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 14 12:00:49 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/11/2014 12:33 a.m., schinken wrote:
> Maybe i'll try to simplify my question ;)
> 
> 
> Is it possible to skip the:
> 
>> http_access allow AllowedMemberOf all
> 
> if auth_param basic was the authenticator (instead of the other 
> authentications like NTLM/LDAP)?

They are already being skipped by the "http_access allow auth" line.
Which allows all clients through as long as they can provide
credentials from any of the configured auth schemes.


What you asked for is done like this:

  acl basicAuth req_header Proxy-Authorization ^Basic

  http_access allow !basicAuth AllowedMemberOf all
  http_access deny !basicAuth BlockedMemberOf all

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUZe7uAAoJELJo5wb/XPRj1ZsH/2F4LzWInFlKJO+DgtmQ4j2n
nExTcKZj0C1REwUPpGTE3umv5KNXRY36AeWMOEuVAH9hVA//rR4PkX8eaP72qFn8
vEwHCQL0+SBSTlo8ftg5yrFNS6CLL/MilsU6Jg0H8gFKqdK2BEJG8DCX+0kGN/EE
JXM78DsHK2ZWZRcRmIewT6jv2FDhyIoQM++EtCd+q4E2/HBYY3HyisJxqhr+WaP6
mqjjkSRnY3TlmIgh6nC+SQQnJREeKg++qgiw4B2vJUPELE+6nk5BzeHeuGPXFeU7
Eq/48jILAGMvKhX17Ze0KLqQlQ5HRL/0bTbvzD1jyfUz8OiYRm0gKfkYbRc3nZE=
=QhEo
-----END PGP SIGNATURE-----


More information about the squid-users mailing list