Hi,
*
**"Access to google maps(https://www.google.com/maps) should prevent any
authentication need"*
I could understand that all users should be able to access the google
maps link without any authentication. For this you could add the site
acl before the authentication part in the squid conf. So that users will
not prompt for the authentication when the user try to access the google
map site. But when they try to access any other site authentication will
be prompted.
(i.e)
acl GoogleMaps url_regex -i ^https://www.google.com/maps*.
acl allow GoogleMaps all
auth_param basic children 5
auth_param basic realm Welcome to Our Website!
auth_param basic program /usr/lib64/squid/basic_ncsa_auth
/etc/squid/squid_user
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
....
....
I am not clear about the remaining part of the content.
Regards,
ViSolve Squid
On 11/07/2014 08:55 AM, sq...@icshk.com wrote:
Hello all,
As our company policy only allow some machines to access to some SSL
website URL(eg. https://www.google.com/maps). However, they do not
have access to https://www.google.com/ Before, we tried to implement
authentication, everything works fine. We try to allow https access to
https://www.google.com/maps and “CONNECT” request to www.google.com
<http://www.google.com> using SSL bump. Now, I want to preserve this
config, and let user to authenicate to access to any website. Access
to google maps(https://www.google.com/maps) should prevent any
authentication need. However, I am not success to figure this out. I
have tried different kinds of configuration, some will prompt for
authentication. Some will not allow the authenticated users to access
to https://www.google.com. From the access log, after I authenticate
and try to access to https://www.google.com, the authentication
information is not displayed. Seems squid do not use the
authentication information when matching the this rule:
“http_access allow CONNECT google”.
The “CONNECT” method is success. Then, the squid will continue use no
authentication information to process the “GET” command, causing the
authenticated user to denied access to https://www.google.com.
Can I make squid always use the authentication information if already
authenticate ? Or any suggestion to implement this policy.
Thanks.
Here is an extracted version of config which should state the related
configuration:
auth_param basic children 5
auth_param basic realm Welcome to Our Website!
auth_param basic program /usr/lib64/squid/basic_ncsa_auth
/etc/squid/squid_user
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl my_auth proxy_auth REQUIRED
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl GoogleMaps url_regex -i ^https://www.google.com/maps*.
acl test_net src 192.168.1.253/32
acl google dstdomain www.google.com
<http://www.google.com>
http_access deny CONNECT !SSL_ports
http_access allow GoogleMaps
http_access allow CONNECT google
http_access deny CONNECT google my_auth
#http_access allow CONNECT test_net google
http_access allow my_auth all
http_access deny all
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
