Internet Related/Filtering/Firewall Thread, Squid Configuration - Bypass Auth? in Technical; Here is the deal... I setup a Squid/Dansguardian box running Ubuntu 9.10 a couple weeks ago for Internet access logging. ...
13th September 2010, 03:44 PM #1
Squid Configuration - Bypass Auth?
Here is the deal... I setup a Squid/Dansguardian box running Ubuntu 9.10 a couple weeks ago for Internet access logging. It works great, authenticates against a 2003 Windows Server domain, and logs traffic with AD user names. The issue is third party apps on the client machines that don't support NTLM, or basic authentication against a proxy. Since they don't pass credentials to the proxy, they can't get out. One of these apps is Google Earth, well, not all of it. When a user clicks on a landmark to view pictures, nothing comes up. If I change IE to another proxy that doesn't require authentication, it works beautifully.
I guess what I'm asking is, how do configure squid to bypass authentication for a particular domain?
IDG Tech News
5th October 2010, 09:54 AM #2
- Rep Power
did you get a solution for this
we have the same with smartboard software
18th October 2010, 10:14 PM #3
Yeah, sure did, just had to ask Google, go figure.
Originally Posted by voodoochile
Create an ACL line in your Squid configuration file that looks like this...
Then place an access rule right before the one that requires NTLM authentication that reads like this...
acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
Now add whatever sites to "/etc/squid/bypassauth-sites.squid" you want that can bypass domain authentication.
http_access allow all bypassNTLM
Test it by logging onto a domain computer locally (or a computer not on the domain), set your proxy up in Internet Explorer, and try browsing the web. You should get asked for credentials with the exception of the ones specified in bypassauth-sites.squid.
7th August 2013, 04:20 PM #4
Say if you want to bypass authetication when browising the internet via certain IP address? would this be possible?
Basically we have users who access a browser via citrix, we want these citrix servers to not ask users to authenticate.
13th August 2013, 04:20 PM #5
Yeah, you can drop an IP in a separate line and it'll work just like a domain name.
By Number6 in forum Internet Related/Filtering/Firewall
Last Post: 10th August 2010, 01:31 PM
By bart21 in forum Internet Related/Filtering/Firewall
Last Post: 23rd April 2010, 10:12 AM
By ful56_uk in forum Web Development
Last Post: 8th January 2010, 09:24 PM
By Cragzman in forum *nix
Last Post: 22nd October 2008, 03:59 PM
Last Post: 21st April 2008, 10:33 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)