Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 22nd January 2013, 01:11
asb2204 asb2204 is offline
Junior Member
Join Date: Jan 2013
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Cannot bypass authentication for squid proxy using ncsa


I have recently deployed a squid proxy server v3.1 with qlproxy content filtering. It is running on a centos 6 box with webmin.

Works great, except i cannot by pass authentication for some websites which do not work via simple authentication such as windows activations and myob company file validations.

I am using ncsa for authentication

here is a post of the squid.conf. Any assistance would be greatly appreciated. the how tos on this site rock btw!


# qlproxy settings added by adrian for content scanning
icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_service qlproxy1 reqmod_precache bypass=0 icap://
icap_service qlproxy2 respmod_precache bypass=0 icap://
adaptation_access qlproxy1 allow all
adaptation_access qlproxy2 allow all

# Recommended minimum configuration:
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src # RFC1918 possible internal network
acl localnet src # RFC1918 possible internal network
# acl localnet src # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# added by adrian to bypass auth on certain domains

acl whitelist dstdomain "/etc/squid/whitelist.txt"
acl http proto http
acl port_80 port 80
acl port_443 port 443

# rules allowing non-authenticated users
http_access allow http port_80 whitelist
http_access allow CONNECT port_443 whitelist

# --------------------------------------------------------------

# NCSA configuration for authentication added by adrian

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Acoustic Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

# ------------------------------------------------------------

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$



So when I open my internet browser as google as home page it does not ask for username and password. I can search google as well and see search results without user/pw. but when I goto www.microsoft.com or www.myob.com.au it always asks for pw when I I do not want it to.

As I will also need to do microsoft activations via the proxy./

Please assist.

Kind Regards
Reply With Quote
Sponsored Links
Old 22nd January 2013, 11:41
thctlo thctlo is offline
Junior Member
Join Date: Jun 2006
Posts: 9
Thanks: 2
Thanked 1 Time in 1 Post

Hai, add this to your squid.conf and put it before your auth !

## Windows Updates
acl windowsupdate dstdomain .download.windowsupdate.com
acl windowsupdate dstdomain .windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain .microsoft.com
acl wuCONNECT dstdomain .microsoft.com
http_access allow CONNECT wuCONNECT our_networks
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate our_networks
http_access allow windowsupdate localhost

and dont forget to correct the 'our_networks' and if needed the localhost.
Reply With Quote
Old 23rd January 2013, 02:58
asb2204 asb2204 is offline
Junior Member
Join Date: Jan 2013
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts

hello, and thankyou for your assistance.

The way I am testing this is setting for example microsoft.com as my home page in internet explorer.

But when i open internet explorer it is still requesting a username and password.

This should not be the case correct? This means that it is still requesting authenthication for a site which we have requested to by pass.

Any ideas? Could it be the QL proxy content filtering that I have at the beginning of the squid conf?
Reply With Quote


authentication, cent os 6, proxy, squid

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SASL LOGIN authentication failed Captain Installation/Configuration 4 13th March 2012 21:07
Need help with ISPConfig Mail and Squirrelmail m.xander Installation/Configuration 109 3rd February 2012 01:15
strange fail2ban behaviour > doesn't ban specific IP Djamu Server Operation 2 13th January 2012 03:29
Fail2ban configuration Captain Installation/Configuration 2 28th June 2011 20:48
Mod_Perl Configuration Issue szise Installation/Configuration 4 28th November 2008 13:41

All times are GMT +2. The time now is 22:19.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.