It is a matter of the order of your http_access rules..
http_access is a ordered list of rules. The first http_access rule which matches the request (all listed acls are true) will allow or deny the request. If one of the acls on the http_access line does not match the request Squid continues with the next http_access line. Regards Henrik tor 2003-03-06 klockan 15.26 skrev Sorisio,Chris: > Hola folks, > > I'm attempting to configure Squid 2.5.1 to support NTLM authentication while > allowing exceptions for specified clients. > > I have the NTLM authentication portion working with these snippets (though > it only authenticates against the domain the server is in, and I need to get > it to auth against other domains as well): > > auth_param ntlm program /usr/lib/squid/wb_ntlmauth > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > > external_acl_type wb_group %LOGIN /usr/lib/squid/wb_group > acl ProxyUsers external wb_group wwwusers > > http_access allow ProxyUsers > > I also have: > > acl ssupp001 src 192.188.103.79/255.255.255.255 > http_access allow ssupp001 > > Along with the usual entries for localhost. > > Unfortunately, wget still spits out 407 errors requiring proxy auth. > > Am I missing something to tell Squid to permit specified clients regardless > of ntlm? > > Thanks, > > Chris -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
