[squid-users] Auth and ip access on different ports
Alex Rousskov
rousskov at measurement-factory.com
Thu Feb 14 16:55:52 UTC 2019
On 2/14/19 4:34 AM, jetraw wrote:
> Hello guys, I want to make a configuration where I'm going to use 2 different
> ports for different types of connection
> acl network src 10.20.20.0/24 #just sample of network
> acl auth proxy_auth REQUIRED
>
> acl connectport myportname 3128
> acl authporth myportname 3130
>
> http_access allow auth !connectport
> http_access allow network !authporth
>
> and if my first line is "http_access allow auth" I have the REQUIRED window on
> all the PCs without AD; if I set the first line to "http_access allow network", all
> of my domain PCs go to the internet via acl network
>
> Can I use one Squid port for auth, and a second for IP connection in the same
> network?
Yes, you can. Put your port-filtering ACLs first so that Squid does not
evaluate the authentication ACL when it does not have to. Evaluation of
an authentication ACL leads to authentication.

Here is a sketch:

    # For authporth, allow authenticated traffic only.
    http_access allow authporth auth
    http_access deny authporth

    # If you only have two ports, then you know you are dealing with
    # the second port here, so there is no need for explicit connectport.
    http_access allow network
    http_access deny all

Needless to say, you need more http_access rules to block various bad
requests. See squid.conf.default for details.

Alex.
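
An added example, not part of the reply above and not Squid code: a simplified Python model of http_access evaluation that shows why the originally posted rule order challenges every client while the reordered sketch challenges only on port 3130. The `decide` function, the sample requests and the user name are constructed for illustration, and the model assumes that evaluating the auth ACL for a request without credentials ends in a 407 challenge.

```python
import ipaddress

NETWORK = ipaddress.ip_network("10.20.20.0/24")  # sample network from the post

class Challenge(Exception):
    """An authentication ACL was evaluated for a request with no credentials."""

def auth(req):
    # Models "proxy_auth REQUIRED": merely evaluating it demands credentials.
    if not req.get("user"):
        raise Challenge()
    return True

ACLS = {
    "auth": auth,
    "network": lambda r: ipaddress.ip_address(r["src"]) in NETWORK,
    "connectport": lambda r: r["port"] == "3128",
    "authporth": lambda r: r["port"] == "3130",
    "all": lambda r: True,
}

ORIGINAL = ["allow auth !connectport", "allow network !authporth"]
REORDERED = ["allow authporth auth", "deny authporth", "allow network", "deny all"]

def decide(rules, req):
    """Return 'allow', 'deny' or 'challenge' (407) for one request."""
    action = "allow"
    for rule in rules:
        action, *names = rule.split()
        try:
            # all() stops at the first mismatching ACL, like Squid's left-to-right AND.
            if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
                return action
        except Challenge:
            return "challenge"
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if action == "allow" else "allow"

# Constructed requests: a non-AD PC on 3128, then clients on the auth port 3130.
no_ad_pc = {"src": "10.20.20.5", "port": "3128", "user": None}
domain_pc = {"src": "10.20.20.6", "port": "3130", "user": "alice"}
anon_3130 = {"src": "10.20.20.7", "port": "3130", "user": None}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, [decide(rules, r) for r in (no_ad_pc, domain_pc, anon_3130)])
```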