Re: [squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication
Fantastic. This worked for me. Thanks Chris and Amos for the replies.

--Kiran

On Tue, Jan 19, 2010 at 1:23 PM, Chris Robertson wrote:
> kiran kumar wrote:
>>
>> Dear All,
>>
>> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
>> user Authentication. I don't want to authenticate every request but
>> have Squid talk to my policy framework before deciding either to
>> authenticate or skip authentication for the request. The policy will
>> be based on source-ip of the request. Is there a way to do this in
>> Squid? I was hoping Squid to use the return value of external helper
>> program to enforce authentication.
>>
>> I do not want to configure this statically in squid.conf as the
>> policies keep changing.
>>
>> Thanks in Advance,
>>
>> Kiran
>>
>
> I haven't tested it, but I think...
>
> http_access deny is_auth_needed !proxy_auth
> http_access allow my_net
>
> ...where "is_auth_needed" is an external ACL that returns "OK" for IPs that
> require authentication and "ERR" for those that don't and "proxy_auth" is a
> standard authentication ACL would do just what you want.
>
> ACLs that comprise http_access rules are "ANDed" together, so if the first
> test fails, further ACLs are not checked.
>
> Chris
Re: [squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication
kiran kumar wrote:
> Dear All,
>
> I'm trying to use "external_acl_type" with squid3-stable-19 to enforce
> user Authentication. I don't want to authenticate every request but
> have Squid talk to my policy framework before deciding either to
> authenticate or skip authentication for the request. The policy will
> be based on source-ip of the request. Is there a way to do this in
> Squid? I was hoping Squid to use the return value of external helper
> program to enforce authentication.
>
> I do not want to configure this statically in squid.conf as the
> policies keep changing.
>
> Thanks in Advance,
>
> Kiran

I haven't tested it, but I think...

http_access deny is_auth_needed !proxy_auth
http_access allow my_net

...where "is_auth_needed" is an external ACL that returns "OK" for IPs that require authentication and "ERR" for those that don't and "proxy_auth" is a standard authentication ACL would do just what you want.

ACLs that comprise http_access rules are "ANDed" together, so if the first test fails, further ACLs are not checked.

Chris
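A sketch of the "is_auth_needed" helper described in the reply above, added here as an example; it is not code from the thread or from the Squid project. The helper path, the `auth_policy` type name, the inline policy format (a list of networks exempt from authentication) and the choice to fail closed on bad input are all assumptions.

```python
#!/usr/bin/env python3
# Hypothetical squid.conf wiring (helper path and type name are assumptions):
#   external_acl_type auth_policy ttl=60 %SRC /usr/local/bin/auth_policy.py
#   acl is_auth_needed external auth_policy
#   http_access deny is_auth_needed !proxy_auth
#   http_access allow my_net
import ipaddress
import sys

# Constructed sample policy: networks allowed to skip authentication.
# A real deployment would fetch this from the policy framework instead.
SAMPLE_POLICY = """
# kiosk subnet
192.0.2.0/24
2001:db8:10::/48
"""

def load_policy(text):
    """Parse one CIDR per line; blank lines and '#' comments are ignored."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def decide(line, exempt):
    """Return 'OK' (authentication required) or 'ERR' (may skip it)."""
    fields = line.split()
    if not fields:
        return "OK"                      # fail closed on empty input
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return "OK"                      # fail closed on unparsable %SRC
    # Containment across IP versions is simply False, so mixed lists are safe.
    return "ERR" if any(addr in net for net in exempt) else "OK"

def main():
    exempt = load_policy(SAMPLE_POLICY)
    for line in sys.stdin:               # Squid sends one lookup per line
        sys.stdout.write(decide(line, exempt) + "\n")
        sys.stdout.flush()               # Squid waits for each reply

if __name__ == "__main__":
    main()
```

Squid caches helper answers (`ttl=` for OK, `negative_ttl=` for ERR), so a policy change reaches a given source IP only after its cached entry expires.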
[squid-users] Fwd: how to use squid external_acl_type to enforce policy based authentication
Dear All,

I'm trying to use "external_acl_type" with squid3-stable-19 to enforce user Authentication. I don't want to authenticate every request but have Squid talk to my policy framework before deciding either to authenticate or skip authentication for the request. The policy will be based on source-ip of the request. Is there a way to do this in Squid? I was hoping Squid to use the return value of external helper program to enforce authentication.

I do not want to configure this statically in squid.conf as the policies keep changing.

Thanks in Advance,

Kiran