+ Post New Thread
Results 1 to 4 of 4
Internet Related/Filtering/Firewall Thread, squid bypass authentication ipad in Technical; Hello, Am wondering whether this is possible. I have been trying and failing for quite sometime so think I am ...
  1. #1
    duxbuz's Avatar
    Join Date
    Jan 2010
    Posts
    338
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Blog Entries
    1
    Rep Power
    0

    squid bypass authentication ipad

    Hello,

    Am wondering whether this is possible.

    I have been trying and failing for quite sometime so think I am maybe trying to do something illogically.(not first time for that)

    What it is :

    Have squid and dansguardian running. I have Active Directory users working with the dansguardian and squid. All this is behind another proxy which is a cache peer parent.

    I can use the filter and it works great.

    I am then trying to use this with an ipad it partially works but i get an issue.

    I can use the proxy and the filter with safari but if i use the ipad to browse my ibook library (not the store, dont need that yet), the ipad tries to authenticate even though i have already authenticated.

    I am not sure what background connections are happening whilst using the ibooks app, I looked in the squid access.log and saw some denied entries:
    ax.init.itunes.apple.com/sadfsdf.xml?
    phobos.apple.com/ssgsad.xml?
    gs-loc.apple.com:443

    I tried to allow these with similar rules to these:

    acl apple-url1 url_regex ^ax.init.itunes.apple.com/sadfsdf.xml?
    acl appledomain dstdomain apple.com

    http_access allow apple-url1
    http_access allow appledomain

    and certain other methods.

    Not really sure whats happening in regards to background connections on ipad and any pointers would really help

    Thanks.
    Last edited by duxbuz; 20th September 2011 at 01:24 PM.

  2. #2


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,458
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    You need to tell squid not to authenticate those domains. I guess you are doing NTLM auth - we have years of experience in finding domains which don't play ball when you have an authenticating proxy, but we still get caught by one or two.

    Watch out for itunes as well, it plays VERY badly with inspecting proxies.

  3. #3
    duxbuz's Avatar
    Join Date
    Jan 2010
    Posts
    338
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Blog Entries
    1
    Rep Power
    0
    I did try something like this... but had same results

    Quote Originally Posted by Duke5A View Post
    Create an ACL line in your Squid configuration file that looks like this...

    acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
    Then place an access rule right before the one that requires NTLM authentication that reads like this...

    http_access allow all bypassNTLM
    Now add whatever sites to "/etc/squid/bypassauth-sites.squid" you want that can bypass domain authentication.

    Test it by logging onto a domain computer locally (or a computer not on the domain), set your proxy up in Internet Explorer, and try browsing the web. You should get asked for credentials with the exception of the ones specified in bypassauth-sites.squid.
    Is this the type of thing you mean?

    Thanks.

  4. #4
    duxbuz's Avatar
    Join Date
    Jan 2010
    Posts
    338
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Blog Entries
    1
    Rep Power
    0
    Actually this seems to be giving me better results now.

    I think I missed the point of inserting the rule in the correct place, i.e. just before my http_access allow authenticated.

    as was mentioned
    Quote Originally Posted by Duke5A View Post
    Then place an access rule right before the one that requires NTLM authentication that reads like this...
    So now I need to add other rules for google maps. I am currently filtering google so I will have to be pedantic about the url.

    I will try some stuff

    Thanks for your help.

    And thanks to Duke5A

SHARE:
+ Post New Thread

Similar Threads

  1. Squid Configuration - Bypass Auth?
    By Duke5A in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 13th August 2013, 03:20 PM
  2. Squid and authentication with server 2008 R2
    By ind1ekid in forum Internet Related/Filtering/Firewall
    Replies: 17
    Last Post: 31st October 2011, 09:40 AM
  3. [iPad] Apple iPod/iPad Implementation
    By Starkiller in forum Netbooks, PDA and Phones
    Replies: 2
    Last Post: 16th March 2011, 11:51 AM
  4. [iPad] Ipad functionality
    By projector1 in forum Netbooks, PDA and Phones
    Replies: 5
    Last Post: 15th November 2010, 02:22 PM
  5. Squid authentication
    By localzuk in forum *nix
    Replies: 21
    Last Post: 14th February 2007, 08:08 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •