[squid-users] Fwd: Re: Authentification LDAP Exception for IP adresse
Antony Stone
Antony.Stone at squid.open.source.it
Fri Feb 26 09:28:14 UTC 2016
> Date: Friday 26 February 2016 10:17:18
> From: Jérôme Seuniac <jseuniac at gmail.com>
>
> Sorry for my squid.conf, want those two IP addresses to be
> allowed access without authentication.
In that case simply define an ACL for those two addresses and add an
http_access line for them before anything else.
You currently have:
> acl ldap-auth proxy_auth REQUIRED
> acl ldap-group external ldap_group PROXY_ALLOWED
So, define something like this as well:
acl Exception src 192.168.1.100 192.168.1.200
> http_access deny !ldap-group
> http_access deny !ldap-auth
> http_access allow all
I do not approve of that method of allowing access - you appear to have
removed the standard access rules:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
You should put these back in to your configuration, and then follow them with:
http_access allow Exception
http_access allow ldap-group
http_access allow ldap-auth
http_access deny all
You also have:
> #RESEAU AUTORISE
> acl VLan_etage src 192.168.1.0/24
What is that used for?
Regards,
Antony.
--
"Linux is going to be part of the future. It's going to be like Unix was."
- Peter Moore, Asia-Pacific general manager, Microsoft
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list