Anthony wrote:
Hello, I am only new to squid, and am looking to implement an extra "feature" in my workplace.
At the moment, we are using proxy_auth to force all users' to type their username and password before accessing any website.
What I wish to do is to allow certain sites access without the need for a username/password. For example http://windowsupdate.microsoft.com
I am aware I need to use ACL's, but am not sure what, or where, I need to put them in. Below is what I have in my squid.conf file for the ACL config.
######## START squid.conf CODE ########## acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl allowed_hosts src 172.29.73.0/255.255.255.192 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users http_access deny manager all http_access allow allowed_hosts http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all ######## END squid.conf CODE ##########
Any help would be much appreciated!!
Kind regards,
Anthony.
Change part of your rules to something like this:
acl windows_update dstdomain windowsupdate.microsoft.com
http_access allow windows_update http_access allow ncsa_users.
By allowing to the domain before allowing auth users then they will be able to access that site without authenticating.
Billy
