[squid-users] How te deal with proxy authentication bypass

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 29 10:40:20 UTC 2020


On 29/09/20 3:55 am, Service MV wrote:
> In my case I have the domains, for example from webex, which I get from
> their official support page. It seems that I am doing something wrong or
> I am not understanding well.
> I base on this documentation
> https://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass
> 
> The error I get is 407. I understand I should not request authentication
> to those domains with the configuration I have, but apparently it does.
> 

In the (possibly outdated now) config you showed earlier the
"NO_INTERNET" ACL might produce a 407 if credentials are completely
missing, but not re-auth if they are invalid.
 If you wish to have a free audit please post your current squid.conf
rules and I will comment on useful changes.


> Below I have a bandwidth control configuration with acl note, I don't
> know if that will be triggering the webex client authentication request.
> Maybe someone with more experience can tell me.

"note" ACL will match if the data is available but not trigger
authentication sequences. That is what makes it so useful for fast-group
access checking logins.


Amos


More information about the squid-users mailing list