I'm having a hard time composing acls that work. I'm hoping someone can help. Thanks for the previous tips, I am a little further. :-)
I set up smb_auth to track connections by user name. That works very well. squid prompts for a username and password. The problem is, that I can configure an external browser outside of the network to use the proxy and I get a username and password prompt there as well. I'm trying to figure out how to only have authentication be available to users inside my network. Here are the acls I have now: acl domainusers proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl mynetwork src 192.168.0.0/24 acl workmachine src 207.xxx.xxx.xxx http_access allow localhost http_access allow mynetwork http_access allow domainusers !workmachine #http_access allow workmachine http_access deny all So with the above ruleset I can access the authentication prompt from every outside IP except my workstation which is outside of the network. :-) Is there any acl that I could put in that would mention the "outside network" and then make a line like this: http_access allow domainusers !outsidenetwork I thought I could add more restrictions to the group domainusers but these lines didn't take when I tried to restart squid: acl domainusers src 192.168.0.0/24 #local network acl domainusers src 207.xxx.xxx.xxx #my work machine, external to the network I know I could block external requests to port 3128 but I'd like to be able to figure it out from within squid. Thanks all! Bob
