Hi,
I have recently deployed a Squid proxy server v3.1 with qlproxy content filtering. It is running on a CentOS 6 box with Webmin.
Works great, except I cannot bypass authentication for some websites which do not work via simple authentication, such as Windows activations and MYOB company file validations.
I am using NCSA for authentication.
Here is a post of the squid.conf. Any assistance would be greatly appreciated. The how-tos on this site rock, btw!
squid.conf
_____________________________________________
# qlproxy settings added by adrian for content scanning
icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod
icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod
adaptation_access qlproxy1 allow all
adaptation_access qlproxy2 allow all
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# added by adrian to bypass auth on certain domains
acl whitelist dstdomain "/etc/squid/whitelist.txt"
acl http proto http
acl port_80 port 80
acl port_443 port 443
acl CONNECT method CONNECT
# rules allowing non-authenticated users
http_access allow http port_80 whitelist
http_access allow CONNECT port_443 whitelist
# --------------------------------------------------------------
# NCSA configuration for authentication added by adrian
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Acoustic Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
# ------------------------------------------------------------
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
___________________________
whitelist.txt
.google.com.au
.myob.com.au
.microsoft.com
.quintolabs.com
So when I open my internet browser with Google as the home page, it does not ask for a username and password. I can search Google as well and see search results without user/pw. But when I go to
www.microsoft.com or
www.myob.com.au it always asks for a pw when I do not want it to.
As I will also need to do Microsoft activations via the proxy.
Please assist.
Kind Regards
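
One way to check which destination hosts are drawing the 407 challenge and whether the two posted whitelist rules cover them, as an added example that is not part of the original post. It assumes Squid's native access.log format; the log lines are constructed sample data and the function names are this example's own.

```python
from urllib.parse import urlsplit

# whitelist.txt entries exactly as posted above
WHITELIST = [".google.com.au", ".myob.com.au", ".microsoft.com", ".quintolabs.com"]

# Constructed access.log lines in Squid's native log format (not from the post)
SAMPLE_LOG = """\
1371000001.101    12 172.16.0.25 TCP_MISS/200 5120 GET http://www.google.com.au/ - DIRECT/203.0.113.10 text/html
1371000002.202     1 172.16.0.25 TCP_DENIED/407 3900 CONNECT login.example.org:443 - NONE/- text/html
1371000003.303     1 172.16.0.25 TCP_DENIED/407 3900 GET http://www.microsoft.com:8080/x - NONE/- text/html
1371000004.404     1 172.16.0.25 TCP_DENIED/407 3900 GET http://update.microsoft.com/v - NONE/- text/html
"""

def dstdomain_match(host, entries):
    """'.example.com' matches the domain and its subdomains; 'example.com' only itself."""
    host = host.lower().rstrip(".")
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in (x.lower() for x in entries))

def parse_target(method, url):
    """Return (host, port, scheme); CONNECT targets are host:port with no scheme."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host, int(port), None
    parts = urlsplit(url)
    return parts.hostname, parts.port or {"http": 80, "https": 443}.get(parts.scheme), parts.scheme

def bypasses_auth(method, url, entries=WHITELIST):
    """Mirror the two posted rules: 'http port_80 whitelist' and 'CONNECT port_443 whitelist'."""
    host, port, scheme = parse_target(method, url)
    if not dstdomain_match(host, entries):
        return False, "domain not in whitelist"
    ok = port == 443 if method == "CONNECT" else (scheme == "http" and port == 80)
    return ok, "covered by whitelist rule" if ok else "whitelisted domain, port/protocol not covered"

def challenged_hosts(log_text, entries=WHITELIST):
    """Map each host that drew TCP_DENIED/407 to the reason the bypass did or did not apply."""
    report = {}
    for fields in (line.split() for line in log_text.splitlines()):
        if len(fields) >= 7 and fields[3] == "TCP_DENIED/407":
            method, url = fields[5], fields[6]
            report[parse_target(method, url)[0]] = bypasses_auth(method, url, entries)[1]
    return report

if __name__ == "__main__":
    for host, reason in challenged_hosts(SAMPLE_LOG).items():
        print(f"{host}: {reason}")
```

Hosts reported as "covered by whitelist rule" that still show 407 in the real log point to something other than the whitelist contents, such as rule order or another http_access line.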