SQUID: How to disable authentication?

4
votes

I have a working Squid with authentication. How do I temporarily disable authentication? Can I just comment out the following lines below from squid.conf:

acl ncsa_users proxy_auth REQUIRED

And

auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialstt1 2 hours
auth_param basic casesensitive off

Or, can I just disable authentication for an acl group?

Thank you in advance

4
linuxauthenticationsquid

4 Answers

3
votes

I solved it.. I just commented out

#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd

and then commented out acl ncsa_users proxy_auth REQUIRED

#acl ncsa_users proxy_auth REQUIRED

acl ncsa_users dst 10.244.0.0/16 all

Then restarted squid

I hope someone may find this useful.

1
votes

Try with:

Comment:

#acl ncsa_users proxy_auth REQUIRED
#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd auth_param basic
#children 5 auth_param basic realm Squid proxy-caching web server auth_param basic  
#credentialstt1 2 hours auth_param basic casesensitive off

And modify:

http_access deny all

to:

http_access allow all
0
votes

This worked for me, only defined IP allowed to use squid

######################## Begin SQUID Config ########################
dns_v4_first on
dns_nameservers 8.8.8.8 8.8.4.4
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl Safe_ports port 1-65535 # unregistered ports
acl allowed_user1 src  182.0.0.0/12  all
acl allowed_user2 src  182.1.0.0/12 all
acl allowed_user3 src  114.120.0.0/12  all
acl allowed_user4 src  114.124.0.0/12  all
acl allowed_user5 src  114.125.0.0/12  all
acl allowed_user6 src  114.127.0.0/12  all
acl allowed_user7 src  202.3.0.0/12  all
acl CONNECT method CONNECT
http_port 8080
http_access allow allowed_user1
http_access allow allowed_user2
http_access allow allowed_user3
http_access allow allowed_user4
http_access allow allowed_user5
http_access allow allowed_user6
http_access allow allowed_user7

# visible_hostname 192.168.1.1
### disable cache ###
cache deny all
### Anonymizing traffic ###
forwarded_for delete
request_header_access X-Forwarded-For deny all
request_header_access Via  deny all
############## END squid3 CONFIG ###################
-1
votes

#file /etc/squid/squid.conf

#squid version 3.5.27

#operating system ubuntu 18.4

#last update 20201221

#cloud aws ec2

#aws ec2 security group all traffic open inbound and outbound

http_access allow all

http_port 3128

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow localhost manager

http_access allow localhost

coredump_dir /var/spool/squid

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|?) 0 0% 0

refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880

refresh_pattern . 0 20% 4320