[squid-users] Squid with LDAP-authentication: bypass selected URLs

Verwaiser squid at mail.verwaiser.de
Tue Mar 29 13:21:32 UTC 2016


Hello Fred,
thank you for your help!

Ok, I tried to insert the acl in the auth_param block as you described:

# Review note: Squid tests the ACLs on one http_access line from left to right.
# On the first rule below, "password" (a proxy_auth ACL) is evaluated before
# "!pdfdoc", so a request for webgate.ec.europa.eu still gets the authentication
# challenge. The exemption only takes effect if the rule allowing pdfdoc is
# reached before any rule that tests the proxy_auth ACL.
# dstdomain without a leading dot matches this exact host name only.
acl pdfdoc dstdomain webgate.ec.europa.eu
http_access allow password !pdfdoc
# Review note: as written, this allows the destination for every client that can
# reach the proxy, without identification. Consider adding a src ACL for the
# internal network to this line so the bypass stays limited to it.
http_access allow pdfdoc

but it had no effect when opening the PDF document.
Then I tested access to webgate.ec.europa.eu in the browser: Squid asked me for a
password as usual.




Here is my squid.conf in its current state (the file w7akt contains some addresses for
Novell and for W7 activation):

########################## Start

# The rules in this group sit above the authentication rules. http_access stops
# at the first matching line, so whatever is allowed here is served without a
# proxy login.

# "alle" matches every source address.
acl alle src 0.0.0.0/0.0.0.0
# The destination domains are read from the file /etc/squid/w7akt.
acl w7aktivierung dstdomain "/etc/squid/w7akt"
# Any client may reach the listed domains; "alle" adds no restriction.
http_access allow w7aktivierung alle

acl CONNECT method CONNECT
# Repeating an ACL name adds values: wuCONNECT matches any of these five hosts.
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl wuCONNECT dstdomain novell.com
acl wuCONNECT dstdomain docs.live.net
acl wuCONNECT dstdomain d.docs.live.net

acl port_443 port 443
# NOTE(review): this allows CONNECT to port 443 of any destination, from any
# source, ahead of the proxy_auth rule further down. HTTPS tunnels are therefore
# never asked for LDAP credentials. If only the wuCONNECT hosts are meant to
# bypass authentication, this line is broader than needed - confirm the intent.
http_access allow CONNECT port_443

# Allows CONNECT to the wuCONNECT hosts on any port, because this line matches
# before the "deny CONNECT !SSL_ports" rule later in the file.
http_access allow CONNECT wuCONNECT

# Basic authentication through the squid_ldap_auth helper: -b is the search base,
# -f the search filter (%s is replaced by the login name), -s sub searches the
# whole subtree, -h names the LDAP server.
# NOTE(review): the command is wrapped over two lines here and ends with the words
# "acl password". This looks like a mail line-wrap or paste artefact; in
# squid.conf the directive has to stay on one line - TODO confirm against the
# real file.
# NOTE(review): Basic credentials are only base64-encoded between browser and
# proxy, and the helper is started without -Z (TLS), so the password presumably
# also travels to 192.168.1.1 unencrypted - verify.
auth_param basic program /usr/sbin/squid_ldap_auth -b T=MYDOMAIN -f "uid=%s"
-s sub -h 192.168.1.1 acl password
# Number of helper processes.
auth_param basic children 10
# Realm text shown in the browser's login prompt (also wrapped by the mail client).
auth_param basic realm Internetzugang im VERWALTUNGSNETZ FAL-BK: Bitte mit
den Daten aus diesem Netzwerk anmelden!
# "password" matches any user who authenticates successfully.
acl password proxy_auth REQUIRED
# How long Squid reuses a helper-validated user/password pair before asking the
# helper again.
auth_param basic credentialsttl 2 hours
# Login names are compared without regard to case.
auth_param basic casesensitive off
# NOTE(review): http_access is first-match. An authenticated user is allowed to any
# destination and port here, so the deny rules that follow later in the file
# (FILE_MP3, !Safe_ports, CONNECT !SSL_ports) are not consulted for such requests.
# A rule exempting a destination from authentication has to come before this line.
http_access allow password

# Stock ACL definitions and access rules.
# NOTE(review): newer Squid releases predefine "all"; redefining it may only
# produce a warning - confirm for the version in use.
acl all src all
# Cache manager requests use the cache_object protocol.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# to_localhost is defined but no rule in this file, as posted, references it.
acl to_localhost dst 127.0.0.0/8

# NOTE(review): 192.168.1.0 is not on a /23 boundary; the /23 that contains it
# spans 192.168.0.0-192.168.1.255. Confirm this is the intended range.
acl localnet src 192.168.1.0/23 # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# URL paths containing "cgi-bin" or "?" are not cached.
# NOTE(review): the ACL is defined as QUERY but referenced as query - verify that
# the running Squid version resolves the name regardless of case.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny query
# Blocks URL paths ending in .mp3 (-i: case-insensitive).
acl FILE_MP3 urlpath_regex -i \.mp3$
http_access deny FILE_MP3

# NOTE(review): http_access is first-match. The "http_access allow CONNECT port_443"
# and "http_access allow password" lines earlier in the file match first for HTTPS
# tunnels and authenticated requests, so the deny rules in this section do not
# apply to them.
# Cache manager access only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# These would allow the internal network and the proxy host without a login.
# NOTE(review): unauthenticated requests presumably already get the login
# challenge at the proxy_auth rule above, so verify whether these lines are
# ever reached.
http_access allow localnet
http_access allow localhost

# Default: refuse everything not allowed above.
http_access deny all

# ICP queries are answered for the internal network only.
icp_access allow localnet
icp_access deny all

# The proxy listens only on the internal address 192.168.1.7, port 8080.
http_port 192.168.1.7:8080

# Requests containing these strings are fetched directly instead of via peers.
hierarchy_stoplist cgi-bin ?
cache_mem 32 MB
# Disk cache: ufs store, 100 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/cache/squid 100 16 256
# Log format with client address, user name (%ul / %un), request line, status,
# size, Referer, User-Agent and cache result codes.
# NOTE(review): the log therefore ties full URLs to authenticated user names, so
# read access to /var/log/squid/access.log should be restricted accordingly.
# The logformat line is wrapped over two lines here, presumably by the mail client;
# in squid.conf it has to stay on one line - TODO confirm.
logformat combined %>a %ul %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
# Log client host names instead of IP addresses.
log_fqdn on
# Password sent for anonymous FTP logins.
ftp_user Squid at my-domainname.de
# Freshness rules: pattern, minimum age (minutes), percent of object age, maximum age.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Replies whose first line starts with ICY (shoutcast streams) are not upgraded.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
# Applies the broken_vary_encoding handling to replies with an Apache Server header.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Contact address and host name that Squid puts on its error pages.
cache_mgr admini at my-domainname.de
visible_hostname proxy.my-domainname.de
coredump_dir /var/cache/squid

###################### End 




