Forcing authentication on specific websites (forwarding)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Forcing authentication on specific websites (forwarding)

Joshua Rogers
Hi all,

I am trying to get Squid to work as an open forwarding proxy, but with a greylist.

I am hoping to allow access to all websites through squid except certain websites. Sites which are not allowed will require authentication.

I tried this configuration:
http_access allow all
acl my_auth proxy_auth REQUIRED
acl google_users proxy_auth user1 user2 user3
acl google dstdomain .google.com
http_access deny google !google_users
http_access allow my_auth 

but it simply allowed access to all websites instead of blocking *only* .google.com.

Is this sort of configuration possible with Squid, and if so, how can it be done?

Cheers,
Josh

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Forcing authentication on specific websites (forwarding)

Alex Rousskov
On 3/12/21 12:17 PM, Joshua Rogers wrote:

> I am hoping to allow access to all websites through squid except certain
> websites. Sites which are not allowed will require authentication.
>
> I tried this configuration:
> http_access allow all

Game over. The order of http_access rules matters. The first matching
rule wins. An always-matching "all" rule renders any further http_access
rules useless.

I have not tested this, but I would start with something like this:

    http_access allow google google_users
    http_access deny google
    http_access allow all

Alex.


> acl my_auth proxy_auth REQUIRED
> acl google_users proxy_auth user1 user2 user3
> acl google dstdomain .google.com <http://google.com>
> http_access deny google !google_users
> http_access allow my_auth 
>
> but it simply allowed access to all websites instead of blocking *only*
> .google.com <http://google.com>.
>
> Is this sort of configuration possible with Squid, and if so, how can it
> be done?
>
> Cheers,
> Josh
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Forcing authentication on specific websites (forwarding)

Joshua Rogers
Hi Alex,

Thank you, that works perfectly.

Cheers,
Josh

On Fri, Mar 12, 2021 at 7:50 PM Alex Rousskov <[hidden email]> wrote:
On 3/12/21 12:17 PM, Joshua Rogers wrote:

> I am hoping to allow access to all websites through squid except certain
> websites. Sites which are not allowed will require authentication.
>
> I tried this configuration:
> http_access allow all

Game over. The order of http_access rules matters. The first matching
rule wins. An always-matching "all" rule renders any further http_access
rules useless.

I have not tested this, but I would start with something like this:

    http_access allow google google_users
    http_access deny google
    http_access allow all

Alex.


> acl my_auth proxy_auth REQUIRED
> acl google_users proxy_auth user1 user2 user3
> acl google dstdomain .google.com <http://google.com>
> http_access deny google !google_users
> http_access allow my_auth 
>
> but it simply allowed access to all websites instead of blocking *only*
> .google.com <http://google.com>.
>
> Is this sort of configuration possible with Squid, and if so, how can it
> be done?
>
> Cheers,
> Josh
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users