Re: [squid-users] no auth for one domain?
You can put the http_access with the acl before the http_access allow_ntlm and it should work? That works; provided the acl-type is not related to the object's internals. M.
Re: [squid-users] no auth for one domain?
We ended up using AD Group policy to not go through the proxy for that site... not ideal, but just to make sure I understand the other way to do it You can put the http_access with the acl before the http_access allow_ntlm and it should work? --- Mark Elsen [EMAIL PROTECTED] wrote: Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried to put an acl and http_access higher in the list in the .conf, but that didn't seem to matter? It would have been more productive to show that line, which you put for that domain in squid.conf, offhand probably it should resemble something like this : acl ntlm_go_around dstdomain name-excluded-domain ... http_access allow ntlm_go_around http_access allow ntlm_users (provided proxy AUTH ACL is named 'ntlm_users') M. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] no auth for one domain?
The dstdomain workaround works perfectly. I had a training site users needed to access that contained WMPlayer streams, and users couldnt hear the background speech and would get prompted for the userid/passwd. I did the following... 1st add a ACL for the domain. acl NTLM_Bypass dstdomain foobar.com Then allow the domain access, then the Authorized Users http_access allow NTLM_Bypass http_access allow AuthorizedUsers - Original Message - From: nairb rotsak [EMAIL PROTECTED] To: Mark Elsen [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Friday, February 24, 2006 3:57 PM Subject: Re: [squid-users] no auth for one domain? We ended up using AD Group policy to not go through the proxy for that site... not ideal, but just to make sure I understand the other way to do it You can put the http_access with the acl before the http_access allow_ntlm and it should work? --- Mark Elsen [EMAIL PROTECTED] wrote: Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried to put an acl and http_access higher in the list in the .conf, but that didn't seem to matter? It would have been more productive to show that line, which you put for that domain in squid.conf, offhand probably it should resemble something like this : acl ntlm_go_around dstdomain name-excluded-domain ... http_access allow ntlm_go_around http_access allow ntlm_users (provided proxy AUTH ACL is named 'ntlm_users') M. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006
[squid-users] no auth for one domain?
Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried to put an acl and http_access higher in the list in the .conf, but that didn't seem to matter? I got that idea because after reading the FAQ, it sounded like that is how you do it? Thanks! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] no auth for one domain?
Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried to put an acl and http_access higher in the list in the .conf, but that didn't seem to matter? It would have been more productive to show that line, which you put for that domain in squid.conf, offhand probably it should resemble something like this : acl ntlm_go_around dstdomain name-excluded-domain ... http_access allow ntlm_go_around http_access allow ntlm_users (provided proxy AUTH ACL is named 'ntlm_users') M.
Re: [squid-users] no auth for one domain?
Reading this, would it be possible to not require AUTH for a certain MIME header? http_access allow header_type http_access allow ntlm_users (provided proxy AUTH ACL is named 'ntlm_users') Sorry for butting in, just wondering.. Thanks - Original Message - From: Mark Elsen [EMAIL PROTECTED] To: nairb rotsak [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Thursday, February 23, 2006 7:44 PM Subject: Re: [squid-users] no auth for one domain? Is it possible to have my ntlm users go around 1 domain? We can't seem to get a state web site (which uses a weird front end to it's client... but it ends up on the web) to go through the proxy. When we sniff the traffic locally, it is popping up a 407, but their isn't anyway to log in. I tried to put an acl and http_access higher in the list in the .conf, but that didn't seem to matter? It would have been more productive to show that line, which you put for that domain in squid.conf, offhand probably it should resemble something like this : acl ntlm_go_around dstdomain name-excluded-domain ... http_access allow ntlm_go_around http_access allow ntlm_users (provided proxy AUTH ACL is named 'ntlm_users') M. -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.0.0/267 - Release Date: 2/22/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.0.0/267 - Release Date: 2/22/2006
Re: [squid-users] no auth for one domain?
Reading this, would it be possible to not require AUTH for a certain MIME header? No because in that case, the object (webserver)-header info has, to be looked at, if it has been received from the remote server (already). M.