Internet Related/Filtering/Firewall Thread, squid bypass authentication ipad in Technical; Hello,
Am wondering whether this is possible.
I have been trying and failing for quite sometime so think I am ...
I have been trying and failing for quite sometime so think I am maybe trying to do something illogically.(not first time for that)
What it is :
Have squid and dansguardian running. I have Active Directory users working with the dansguardian and squid. All this is behind another proxy which is a cache peer parent.
I can use the filter and it works great.
I am then trying to use this with an ipad it partially works but i get an issue.
I can use the proxy and the filter with safari but if i use the ipad to browse my ibook library (not the store, dont need that yet), the ipad tries to authenticate even though i have already authenticated.
I am not sure what background connections are happening whilst using the ibooks app, I looked in the squid access.log and saw some denied entries:
I tried to allow these with similar rules to these:
You need to tell squid not to authenticate those domains. I guess you are doing NTLM auth - we have years of experience in finding domains which don't play ball when you have an authenticating proxy, but we still get caught by one or two.
Watch out for itunes as well, it plays VERY badly with inspecting proxies.
I did try something like this... but had same results
Originally Posted by Duke5A
Create an ACL line in your Squid configuration file that looks like this...
acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
Then place an access rule right before the one that requires NTLM authentication that reads like this...
http_access allow all bypassNTLM
Now add whatever sites to "/etc/squid/bypassauth-sites.squid" you want that can bypass domain authentication.
Test it by logging onto a domain computer locally (or a computer not on the domain), set your proxy up in Internet Explorer, and try browsing the web. You should get asked for credentials with the exception of the ones specified in bypassauth-sites.squid.