Awesome! That worked a treat! Thanks for your help Billy :))
Anthony -----Original Message----- From: Billy Macdonald [mailto:[EMAIL PROTECTED] Sent: Friday, 27 August 2004 3:57 PM To: [EMAIL PROTECTED] Cc: Squid Mailing List Subject: Re: [squid-users] Allowing sites without proxy_auth? Anthony wrote: >Hello, I am only new to squid, and am looking to implement an extra >"feature" in my workplace. > >At the moment, we are using proxy_auth to force all users' to type their >username and password before accessing any website. > >What I wish to do is to allow certain sites access without the need for a >username/password. For example http://windowsupdate.microsoft.com > >I am aware I need to use ACL's, but am not sure what, or where, I need to >put them in. >Below is what I have in my squid.conf file for the ACL config. > >######## START squid.conf CODE ########## >acl all src 0.0.0.0/0.0.0.0 >acl manager proto cache_object >acl localhost src 127.0.0.1/255.255.255.255 >acl allowed_hosts src 172.29.73.0/255.255.255.192 >acl to_localhost dst 127.0.0.0/8 >acl SSL_ports port 443 563 >acl Safe_ports port 80 # http >acl Safe_ports port 21 # ftp >acl Safe_ports port 443 563 # https, snews >acl Safe_ports port 70 # gopher >acl Safe_ports port 210 # wais >acl Safe_ports port 1025-65535 # unregistered ports >acl Safe_ports port 280 # http-mgmt >acl Safe_ports port 488 # gss-http >acl Safe_ports port 591 # filemaker >acl Safe_ports port 777 # multiling http >acl CONNECT method CONNECT >acl ncsa_users proxy_auth REQUIRED > > >http_access allow ncsa_users >http_access deny manager all >http_access allow allowed_hosts >http_access deny !Safe_ports >http_access deny CONNECT !SSL_ports >http_access deny all >######## END squid.conf CODE ########## > > >Any help would be much appreciated!! > >Kind regards, > >Anthony. > > > > > Change part of your rules to something like this: acl windows_update dstdomain windowsupdate.microsoft.com http_access allow windows_update http_access allow ncsa_users. By allowing to the domain before allowing auth users then they will be able to access that site without authenticating. Billy
