Amos, That was exactly what I was looking for. I tried it and it seems to work just like I wanted. My other alternative would have been to run 2 copies of squid, but this is much cleaner from my perspective. Thank you very much!
PH On Mon, Nov 20, 2017 at 9:13 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 21/11/17 06:56, Paul Hackmann wrote: > >> Amos, >> >> If the website that is being asked for is not in the whitelist, won't it >> fall through and ask for authentication? That is how it seems to work to >> me. That's why I am thinking I need 2 different ports or something to do >> what I want. >> > > You do need two different ports regardless of the http_access rules. One > for the forward/explicit proxy traffic and one for the intercept/tproxy > traffic. The TCP IP:port details for each of those "modes" is given in > completely different ways and the HTTP message syntax is also different so > the *cannot* be delivered to the same ports. > > > A whitelist generally is formed from two lines, one allowing and one > denying everything else. > > If 'everything else' is defined as just the stuff arriving in one specific > port you get this: > > http_port 3128 > http_port 3129 intercept > > acl portX myportname 3129 > > http_access allow portX whitelist > http_access deny portX > > http_access deny !login > ... > > Amos > > > >> PH >> >> >> On Mon, Nov 20, 2017 at 11:38 AM, Amos Jeffries <squ...@treenet.co.nz >> <mailto:squ...@treenet.co.nz>> wrote: >> >> On 21/11/17 05:02, Paul Hackmann wrote: >> >> Hi all. I've got a fairly basic squid config set up on linux. >> I have basic authentication set up on it to the default 3128 >> port, and it works just fine. I would like to keep this >> configuration. However, I would like to set up another port >> that only allows a certain whitelist of websites that doesn't >> require or ask for authentication. I want to set this up for >> certain apps that don't have proxy settings built into them. I >> want windows to be able to connect to some sites, but not >> everything and if it can't reach the site, I don't want it to >> ask for credentials. With my current configuration, it asks for >> credentials for any app that is trying to connect to a >> non-whitelisted website. Is this configuration possible and do >> you have an example? Sorry if this has been answered before, I >> am very green to squid yet. >> >> >> Simply place the http_access rules for handling that traffic above >> the first line which requires authentication. >> >> http_access ... lines that dont require auth. >> >> acl login proxy_auth REQUIRED >> http_access deny !login >> >> http_access ... rules for authenticated users. >> >> >> Amos >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> <mailto:squid-users@lists.squid-cache.org> >> http://lists.squid-cache.org/listinfo/squid-users >> <http://lists.squid-cache.org/listinfo/squid-users> >> >> >> >> >> -- >> Paul Hackmann >> Sims TV/Haven Electronics >> 121 N. Vine St. >> West Union, IA. 52175 >> 563-422-5751 <tel:(563)%20422-5751> >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- Paul Hackmann Sims TV/Haven Electronics 121 N. Vine St. West Union, IA. 52175 563-422-5751
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
