RE: [squid-users] re Howto conf. Squid to allow lan without username password

>>> On 7/19/05, Robert Becskei <brobiwbe@stcable.co.yu> wrote:
>>> Hello everyone,
>>>
>>> I have my proxy server running on the same computer which is my router,
>>> the problem is (till I seperate the two,...which I will but later)
>>> that squid asks for username/password for lan computers as well, is there
>>> a way to tell squid to allow 192.168.x.x without username / password ?
>>>
>>> Sincerely
>>> Robert B
>>
>> ----- Original Message -----
>> From: "Kashif Ali Bukhari" <kbukhari@gmail.com>
>> To: "Robert Becskei" <brobiwbe@stcable.co.yu>
>> Cc: <squid-users@squid-cache.org>
>> Sent: Tuesday, July 19, 2005 10:14
>> Subject: Re: [squid-users] Howto conf. Squid to allow lan without username
>> password
>>
>>
>> ok
>> u can allows Ur
>> 192.168.x.x before authentications
>> like
>>
>> acl lan src 192.168.0.0/24
>> http_access allow all
>>
>> Note: and in next line write authentication acls
>>
>>
> -----Original Message-----
> From: Robert Becskei [mailto:brobiwbe@stcable.co.yu]
> Sent: Tuesday, July 19, 2005 12:35 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] re Howto conf. Squid to allow lan without
> username password
>
>
> Hello ,
>
> thank you for the fast response, but will this work the way I would like it
> to :
>
> I don't allow any users to go to the internet without authentication, ...
> I wan't to allow all my users to be able to view webpages that are
> 192.168.x.x without username / password. (security camera stuff)
>
> currently if you type http://192.168.1.109 (which is a security camer
> server
> webpage) squid asks for a password, I wish that squid would not ask for a
> password.
>
>
> acl lan src 192.168.0.0/24
> http_access allow lan
>
> will allow these users to use the internet without password as well?
>
> my current squid.conf looks like this : (so you can better understand my
> current situation)
>
> http_port 3228
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password
> auth_param basic children 5
> auth_param basic realm Username And Password Required For Internet Access
> auth_param basic credentialsttl 8 hours
> cache_mem 48 MB
> maximum_object_size_in_memory 256 KB
> maximum_object_size 1024 KB
> cache_dir ufs /proxy1/ 6000 14 256
> cache_dir ufs /proxy2/ 6000 14 256
> cache_mgr brobiwbe@*********
> cache_effective_user nobody
> cache_effective_group nobody
> forwarded_for off
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
> acl CONNECT method CONNECT
> acl deny_ext urlpath_regex -i "/etc/squid/deny_ext"
> acl nem_cachelunk dstdomain .google.com
> no_cache deny nem_cachelunk
> acl nem_cachelunk2 dstdomain .deltabanka.co.yu
> no_cache deny nem_cachelunk2
> acl microsoft_update dstdomain .microsoft.com
> acl microsoft_update2 dstdomain .download.windowsupdate.com
> acl helpserver dstdomain .helpserver.vir
> acl FTP proto FTP
> always_direct allow FTP
> acl deltabank dstdomain .deltabanka.co.yu
> acl authentic proxy_auth internet
> acl masterUser proxy_auth master
> acl bridge_univerzal src 192.168.1.200
> acl alstar_mail src 192.168.2.200
> acl teszt_cucc src 192.168.1.211
> acl bridge_capriolo src 192.168.0.200
> acl robi src 192.168.1.197
> acl shops src "/etc/squid/prod_banned"
> acl workTime time MTWHF 06:00-17:00
> http_access deny Dangerous_ports
> http_access allow helpserver
> http_access deny shops workTime
> deny_info ERR_PROD_BANNED shops workTime
> http_access allow microsoft_update
> http_access allow microsoft_update2
> http_access allow deltabank
> http_access allow masterUser
> http_access deny deny_ext
> http_access allow bridge_univerzal
> http_access allow bridge_capriolo
> http_access allow alstar_mail
> http_access allow teszt_cucc
> http_access allow robi
> http_access allow authentic
> http_access deny all
> redirector_access deny masterUser
> redirect_program /usr/bin/squidguard
> redirect_children 4
>
>
> Sincerely
> Robert B
>

acl from_lan src 192.168.0.0/24
acl to_lan dst 192.168.0.0/24
...
http_access allow from_lan to_lan
http_access allow authentic
http_access deny all

Local traffic is permitted without authentication.

Chris
Received on Tue Jul 19 2005 - 14:20:48 MDT