[squid-users] Squid to ask for, but not require, authentication.
Graham
gcsquid-users at crowie.net
Sun Jun 21 12:24:57 UTC 2015
I am looking for a way to configure Squid to ask for (and check)
authentication using LDAP, but to proceed if there is no auth
information provided.
I have been using DansGuardian for a while with Squid authenticating and
then getting DansGuardian to filter based on the username that Squid has
authenticated. The browsers talk directly to DansGuardian, which talks
to Squid, which does the work over the 'net.
I am now trying to add an android device - which has some apps that
don't ask the user for a login/password (although they do talk to the
proxy) and therefore they fail to connect with a 407 error. I have
modified DansGuardian to allow just this one IP to work without
authentication, but Squid requires the auth and denies the requests. If
I make Squid more permissive (remove the auth config) then DansGuardian
works with that IP address, but will then block all other IP addresses
as Squid hasn't authenticated anyone. Note that I can't do IP
authentication from Squid because all requests come from the
DansGuardian IP (which happens to be localhost) and it can't tell which
ones to authenticate and which to allow.
Basically what I think I want is for DansGuardian to make the decisions
on whether to allow the connection, and Squid to perform the check of
the authentication via LDAP and to allow the connection if the auth is
OK, or is not present... and to deny the connection if the auth is
present but incorrect.
Is this possible?
Or am I going about this in the wrong way?
Thanks
GC
More information about the squid-users
mailing list