OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: gridstop on August 29, 2022, 03:42:45 pm

Title: Authorized users are bypassing blacklist?
Post by: gridstop on August 29, 2022, 03:42:45 pm
I have squid set up in a simple forward proxy configuration. I have a short whitelist, a blacklist of *, and that's it. Everything works as expected without authentication enabled. When I turn on authentication though, the authenticated users ignore the blacklist and can access any domain. The unauthenticated users can only access the whitelist still. My goal was to have authentication required all the time but still enforce the white & black lists. Is this not possible?

I don't know enough about squid.conf to say, but it looks right to me if it short-circuit evaluates, since these commands appear in this order:
Code:
acl local_auth proxy_auth REQUIRED
http_access allow whiteList
http_access deny blackList
<snip>
http_access allow local_auth

I guess because we hit the allow whitelist before the allow local_auth, it doesn't care if they're authorized? Any easy way to make it deny everyone who isn't in local_auth? I assume no matter what the GUI isn't going to do what I want and I have to manually modify squid.conf from now on.
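
Added example (not part of the original post, and not OPNsense or Squid code): a small Python model of how Squid evaluates http_access lines, first matching line wins and all ACLs on one line must match. POSTED holds only the visible lines from the post (the snipped lines are omitted); HARDENED is a hand-written ordering assumed here for illustration, not output of the OPNsense GUI.

```python
# Minimal model of Squid http_access evaluation (added example).
# A request is described by the set of ACL names that are true for it.

POSTED = """
http_access allow whiteList
http_access deny blackList
http_access allow local_auth
"""

# Assumed hand-written ordering: require authentication before anything else.
HARDENED = """
http_access deny !local_auth
http_access allow whiteList
http_access deny all
"""

def parse_rules(conf):
    """Return [(action, [acl, ...]), ...] for each http_access line."""
    rules = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def acl_true(name, matched):
    """'!name' negates; the built-in ACL 'all' matches every request."""
    if name.startswith("!"):
        return not acl_true(name[1:], matched)
    return name == "all" or name in matched

def decide(conf, matched):
    rules = parse_rules(conf)
    for action, acls in rules:
        if all(acl_true(a, matched) for a in acls):  # ACLs on a line are ANDed
            return action                            # first match wins
    if not rules:
        return "deny"
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    cases = {
        "anonymous, whitelisted": {"whiteList"},
        "anonymous, other site": {"blackList"},
        "authenticated, whitelisted": {"local_auth", "whiteList"},
        "authenticated, other site": {"local_auth", "blackList"},
    }
    for label, matched in cases.items():
        print(f"{label:28} posted={decide(POSTED, matched):5} "
              f"hardened={decide(HARDENED, matched)}")
```

In the posted order the whiteList line decides the request before any proxy_auth ACL is consulted, so whitelisted sites never ask for credentials; in the hardened order every request must satisfy local_auth first.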