[squid-users] Squid to ask for, but not require, authentication.

Graham gcsquid-users at crowie.net
Sun Jun 21 12:24:57 UTC 2015


I am looking for a way to configure Squid to ask for (and check) 
authentication using LDAP, but to proceed if there is no auth 
information provided.

I have been using DansGuardian for a while with Squid authenticating and 
then getting DansGuardian to filter based on the username that Squid has 
authenticated. The browsers talk directly to DansGuardian, which talks 
to Squid, which does the work over the 'net.

I am now trying to add an Android device - which has some apps that 
don't ask the user for a login/password (although they do talk to the 
proxy) and therefore they fail to connect with a 407 error. I have 
modified DansGuardian to allow just this one IP to work without 
authentication, but Squid requires the auth and denies the requests. If 
I make Squid more permissive (remove the auth config) then DansGuardian 
works with that IP address, but will then block all other IP addresses 
as Squid hasn't authenticated anyone. Note that I can't do IP 
authentication from Squid because all requests come from the 
DansGuardian IP (which happens to be localhost) and it can't tell which 
ones to authenticate and which to allow.

Basically what I think I want is for DansGuardian to make the decisions 
on whether to allow the connection, and Squid to perform the check of 
the authentication via LDAP and to allow the connection if the auth is 
OK, or is not present... and to deny the connection if the auth is 
present but incorrect.


Is this possible?

Or am I going about this in the wrong way?


Thanks

GC

