Solved

Allow specific hosts/IPs to bypass Squid authentication

Posted on 2009-05-12
3
3,466 Views
Last Modified: 2013-11-22
Is it possible to have an entry in the Squid.conf that would allow a specific host/IP to bypass NTLM authentication?

Currently all users surf the web an authenticate via NTLM to the Active Directory.  My problem is that I have a copier that we'd like setup for scan-to-email using an external SMTP server but the copier doesn't allow proxy configurations.
0
Comment
Question by:leadwave
3 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 500 total points
ID: 24371517
Add the site to a file called /etc/squid/whitelist

In the squid.conf file add the following:

acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow whitelist

Make sure the http_access is before your ntlm authentication line.  Restart squid and you should be good.
0
 

Author Comment

by:leadwave
ID: 24373421
Thanks, I'll give that a try.
0
 
LVL 1

Expert Comment

by:joobz
ID: 25323595
leadwave, Another alternative is to just bypass Squid all together for this particular host.

Presuming you are routing the traffic to Squid via IPTables Prerouting - before your Prerouting rule that does the Squid redirect, just add something like..

> iptables -t nat -I PREROUTING -i eth0 -s <printer_ip> -p tcp --dport 25 -j ACCEPT

Benefit of this is it will keep the load away from Squid (though minor, it's not necessary for it to hit Squid).
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Viruses etc. and W8 and W10 12 80
PUP or Virus 6 74
How to harden IE & Firefox such that users cant uncheck the proxy 3 68
Ransomware and encrypted backups 5 113
12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now