View Single Post
Old 22nd January 2013, 00:11
asb2204 asb2204 is offline
Junior Member
Join Date: Jan 2013
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Cannot bypass authentication for squid proxy using ncsa


I have recently deployed a squid proxy server v3.1 with qlproxy content filtering. It is running on a centos 6 box with webmin.

Works great, except i cannot by pass authentication for some websites which do not work via simple authentication such as windows activations and myob company file validations.

I am using ncsa for authentication

here is a post of the squid.conf. Any assistance would be greatly appreciated. the how tos on this site rock btw!


# qlproxy settings added by adrian for content scanning
icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_service qlproxy1 reqmod_precache bypass=0 icap://
icap_service qlproxy2 respmod_precache bypass=0 icap://
adaptation_access qlproxy1 allow all
adaptation_access qlproxy2 allow all

# Recommended minimum configuration:
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
# acl localnet src # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# added by adrian to bypass auth on certain domains

acl whitelist dstdomain "/etc/squid/whitelist.txt"
acl http proto http
acl port_80 port 80
acl port_443 port 443

# rules allowing non-authenticated users
http_access allow http port_80 whitelist
http_access allow CONNECT port_443 whitelist

# --------------------------------------------------------------

# NCSA configuration for authentication added by adrian

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Acoustic Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

# ------------------------------------------------------------

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$


So when I open my internet browser as google as home page it does not ask for username and password. I can search google as well and see search results without user/pw. but when I goto or it always asks for pw when I I do not want it to.

As I will also need to do microsoft activations via the proxy./

Please assist.

Kind Regards
Reply With Quote
Sponsored Links