Solved

Allow specific hosts/IPs to bypass Squid authentication

Posted on 2009-05-12
3
3,387 Views
Last Modified: 2013-11-22
Is it possible to have an entry in the Squid.conf that would allow a specific host/IP to bypass NTLM authentication?

Currently all users surf the web an authenticate via NTLM to the Active Directory.  My problem is that I have a copier that we'd like setup for scan-to-email using an external SMTP server but the copier doesn't allow proxy configurations.
0
Comment
Question by:leadwave
3 Comments
 
LVL 13

Accepted Solution

by:
WizRd-Linux earned 500 total points
ID: 24371517
Add the site to a file called /etc/squid/whitelist

In the squid.conf file add the following:

acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow whitelist

Make sure the http_access is before your ntlm authentication line.  Restart squid and you should be good.
0
 

Author Comment

by:leadwave
ID: 24373421
Thanks, I'll give that a try.
0
 
LVL 1

Expert Comment

by:joobz
ID: 25323595
leadwave, Another alternative is to just bypass Squid all together for this particular host.

Presuming you are routing the traffic to Squid via IPTables Prerouting - before your Prerouting rule that does the Squid redirect, just add something like..

> iptables -t nat -I PREROUTING -i eth0 -s <printer_ip> -p tcp --dport 25 -j ACCEPT

Benefit of this is it will keep the load away from Squid (though minor, it's not necessary for it to hit Squid).
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now