4

I have a working Squid with authentication. How do I temporarily disable authentication? Can I just comment out the following lines below from squid.conf:

acl ncsa_users proxy_auth REQUIRED

And

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialstt1 2 hours
auth_param basic casesensitive off

Or, can I just disable authentication for an acl group?

Thank you in advance

KamilCuk
  • 120,984
  • 8
  • 59
  • 111
Johann
  • 923
  • 2
  • 8
  • 16

5 Answers5

3

I solved it.. I just commented out

#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd

and then commented out acl ncsa_users proxy_auth REQUIRED

#acl ncsa_users proxy_auth REQUIRED

acl ncsa_users dst 10.244.0.0/16 all

Then restarted squid

I hope someone may find this useful.

Johann
  • 923
  • 2
  • 8
  • 16
1

Try with:

Comment:

#acl ncsa_users proxy_auth REQUIRED
#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd auth_param basic
#children 5 auth_param basic realm Squid proxy-caching web server auth_param basic  
#credentialstt1 2 hours auth_param basic casesensitive off

And modify:

http_access deny all

to:

http_access allow all
Jose Carlos Ramos Carmenates
  • 2,649
  • 1
  • 37
  • 54
0

This worked for me, only defined IP allowed to use squid

######################## Begin SQUID Config ########################
dns_v4_first on
dns_nameservers 8.8.8.8 8.8.4.4
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl Safe_ports port 1-65535 # unregistered ports
acl allowed_user1 src  182.0.0.0/12  all
acl allowed_user2 src  182.1.0.0/12 all
acl allowed_user3 src  114.120.0.0/12  all
acl allowed_user4 src  114.124.0.0/12  all
acl allowed_user5 src  114.125.0.0/12  all
acl allowed_user6 src  114.127.0.0/12  all
acl allowed_user7 src  202.3.0.0/12  all
acl CONNECT method CONNECT
http_port 8080
http_access allow allowed_user1
http_access allow allowed_user2
http_access allow allowed_user3
http_access allow allowed_user4
http_access allow allowed_user5
http_access allow allowed_user6
http_access allow allowed_user7

# visible_hostname 192.168.1.1
### disable cache ###
cache deny all
### Anonymizing traffic ###
forwarded_for delete
request_header_access X-Forwarded-For deny all
request_header_access Via  deny all
############## END squid3 CONFIG ###################
Fthr
  • 769
  • 9
  • 10
0
#file /etc/squid/squid.conf

#squid version  3.5.27
#operating system ubuntu 18.4
#last update 20201221

#cloud aws ec2

#aws ec2 security group all traffic open inbound and outbound
http_access allow all

http_port 3128

acl SSL_ports port 443
acl Safe_ports port 80      # http

acl Safe_ports port 21      # ftp

acl Safe_ports port 443     # https

acl Safe_ports port 70      # gopher

acl Safe_ports port 210     # wais

acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http

acl Safe_ports port 591     # filemaker

acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

http_access allow localhost manager
http_access allow localhost

coredump_dir /var/spool/squid

refresh_pattern ^ftp:       1440    20% 10080

refresh_pattern ^gopher:    1440    0%  1440

refresh_pattern -i (/cgi-bin/|\?) 0 0%  0

refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880

refresh_pattern .       0   20% 4320
quine9997
  • 685
  • 7
  • 13
0

In my case this option is disabled by default, and it works

#acl ncsa_users proxy_auth REQUIRED
Alfred
  • 9
  • 3