[squid-users] Fwd: Re: Authentification LDAP Exception for IP adresse

Jérôme Seuniac jseuniac at gmail.com
Fri Feb 26 09:43:37 UTC 2016


Thanks for your help.

I have change my configuration with your advice.

It's works !

:-)

2016-02-26 10:28 GMT+01:00 Antony Stone <Antony.Stone at squid.open.source.it>:
>> Date: Friday 26 February 2016 10:17:18
>> From: Jérôme Seuniac <jseuniac at gmail.com>
>>
>> Sorry for my squid.conf, want those two IP addresses to be
>> allowed access without authentication.
>
> In that case simply define an ACL for those two addresses and add an
> http_access line for them before anything else.
>
> You currently have:
>
>> acl ldap-auth proxy_auth REQUIRED
>> acl ldap-group external ldap_group PROXY_ALLOWED
>
> So, define something like this as well:
>
> acl Exception src 192.168.1.100 192.168.1.200
>
>> http_access deny !ldap-group
>> http_access deny !ldap-auth
>> http_access allow all
>
> I do not approve of that method of allowing access - you appear to have
> removed the standard access rules:
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> You should put these back in to your configuration, and then follow them with:
>
> http_access allow Exception
> http_access allow ldap-group
> http_access allow ldap-auth
> http_access deny all
>
> You also have:
>
>> #RESEAU AUTORISE
>> acl VLan_etage src 192.168.1.0/24
>
> What is that used for?
>
> Regards,
>
>
> Antony.
>
> --
> "Linux is going to be part of the future. It's going to be like Unix was."
>
>  - Peter Moore, Asia-Pacific general manager, Microsoft
>
>                                                    Please reply to the list;
>                                                          please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



-- 
Cordialement,
Seuniac Jérôme.


More information about the squid-users mailing list