4

My Squid HTTP proxy works fine with authentication. Here is the config:

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm test-proxy
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off

But I want that my locally running applications which use the proxy don't have to authenticate. How to disable authentication for requests from localhost?

Witek
  • 1,433
  • 3
  • 14
  • 16

3 Answers3

4

Something like

acl localhost src 127.0.0.1
acl auth proxy_auth REQUIRED
http_access allow localhost auth

should do the trick.

womble
  • 95,029
  • 29
  • 173
  • 228
  • Some versions would fail using two values on http_access directive, so you should specify one per line and should work. Tested. – m3nda Jun 26 '15 at 18:46
3

As said long time ago, that will not work for most (modern) versions.

acl localhost src 127.0.0.1
http_access allow localhost
acl auth proxy_auth REQUIRED
http_access allow auth

The proxy_auth will catch every src/group not allowed, so, the config seems to need to be setup step-by-step.

Create group, allow or not, Create another group, allow or not, etc.

In modern squid3 releases, internet, localhost and all groups are builtin and will make you became crazy. Every time that a config fails, use squid3 -d 10 to know exactly what's the problem.

m3nda
  • 161
  • 5
0

Better still - don't proxy for local requests - this is easily set up in browser config, group policy, proxy.pac etc. - there is generally no real case for local proxying.

Tom Newton
  • 4,021
  • 2
  • 23
  • 28
  • You may want to configure your proxy and ask for auth only external users. That's not about to use or not the proxy to make localhost queries. Example: You buy a vps and install squid3 to it. You want external users to be asked for auth, but if use vnc into your server, you don't want to be asked for proxy auth (cuz it's your own proxy, you're on the same machine, no need to auth) – m3nda Feb 04 '17 at 16:35