The other thing you can try is to have those users in a specific block of LAN addresses and create an ACL that allows access for hosts in that block only.
acl SpecialHosts src 172.25.1.13/255.255.255.255 http_access allow SpecialHosts http_access allow AuthorisedUsers The above example just allows the single host -172.25.1.13- through the proxy unauthenticated. You will have to make sure the 'SpecialHosts' http_access statement is above the Authorised users acl. Hope this helps, Brad. Network Administrator Alphawest Services Pty Ltd Tel: (61 2) 9682 4992 Fax: (61 2) 9682 5449 <http://www.alphawest.com.au> -----Original Message----- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, 10 November 2004 8:23 PM To: tony bologna Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] optional authenication On Wed, 10 Nov 2004, tony bologna wrote: > Is it possible to concoct a sequence of ACLs that would permit a user to > access the proxy if they entered incorrect authentication information? Not really, but see below. > I am using NTLM authentication, and would like to allow users that are > not logged into the domain or otherwise do not have an AD account to use > the proxy. You could use the fake_auth helper.. this accepts any username+password (when it works at all). It obviously makes it trivial for your users to spoof their identities. Regards Henrik
