[NTLUG:Discuss] Allowing URLs in squid was (no subject)
Chris Cox
cjcox at acm.org
Thu Aug 8 22:38:29 CDT 2002
Carroll E. McCarroll wrote:
> Does anyone know how to bypass a Squid cache using a password protected
> url, etc. I want to be able to give certain users the ability to bypass the
> proxy for problem urls.
>
> TIA :)

Create an ACL defining a file containing "safe" urls.
Create a special rule.

This doesn't "bypass" the proxy... the only way to do
that is if the client has another way out and you
can configure it on the client... this does avoid
the user having to issue a password to make the
connect through the proxy though (which I think
was what was truly being asked for).

The example below is a bit messy... especially the
blocked/unblocked thing... but it works.

In particular you want to see the password rules
and the Allowed_URLs stuff... but it helps to see
the rule stack and referenced acls.

Notice how we allow the Allowed_URLs and localhost
without authentication. After filtering out all
of the mandatory nasties... we have a rule for
allowing with a password (basically for everything
that is not Allowed and stuff that we flat out
Deny or block).

For example:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl password proxy_auth REQUIRED
acl Block_ads url_regex .*doubleclick.*|.*bfast.com|.*/ads/.*|//ad\.*
acl blockedsites url_regex -i "/etc/squid/block.txt"
acl unblockedsites url_regex -i "/etc/squid/unblock.txt"
acl Denied_URLs url_regex -i "/etc/squid/denied.txt"
acl Allowed_URLs url_regex -i "/etc/squid/allow.txt"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localhost
http_access allow Allowed_URLs
http_access deny Block_ads
http_access deny Denied_URLs
http_access deny blockedsites !unblockedsites
http_access allow password
http_access allow all
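
An added example, not part of the original post: entries in allow.txt are matched by `url_regex -i` as unanchored regular expressions, and Allowed_URLs is allowed before the password rule, so this Python check flags entries that also match URLs on hosts you did not mean to exempt. The file contents, intended hosts, probe URLs and function names are constructed for illustration, and Python's `re` module stands in for Squid's regex library.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for /etc/squid/allow.txt: one regex per line.
ALLOW_TXT = r"""
updates.example.com
^https?://intranet\.example\.org(:[0-9]+)?(/|$)
"""

# Hosts the administrator actually means to exempt from authentication.
INTENDED_HOSTS = {"updates.example.com", "intranet.example.org"}

# Constructed probe URLs: intended sites plus look-alikes on other hosts.
PROBE_URLS = [
    "http://updates.example.com/patch.bin",
    "http://updatesXexample.com.other.test/",
    "http://other.test/page?ref=updates.example.com",
    "http://intranet.example.org/wiki",
    "http://other.test/?u=http://intranet.example.org/",
]

def load_patterns(text):
    """Compile each non-blank line case-insensitively, like url_regex -i."""
    return [re.compile(line.strip(), re.IGNORECASE)
            for line in text.splitlines() if line.strip()]

def audit(patterns, intended_hosts, urls):
    """Return (url, pattern) pairs where an allow entry matches a URL
    whose host is not one of the intended hosts."""
    findings = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        for pat in patterns:
            # url_regex searches anywhere in the URL unless the entry is anchored.
            if pat.search(url) and host not in intended_hosts:
                findings.append((url, pat.pattern))
    return findings

if __name__ == "__main__":
    for url, pattern in audit(load_patterns(ALLOW_TXT), INTENDED_HOSTS, PROBE_URLS):
        print(f"unintended no-password match: {url!r} via entry {pattern!r}")
```

The first entry is flagged twice because its dots are wildcards and it is not anchored to the host part; the second entry, anchored with `^` and with escaped dots, matches only the intended host.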