To allow an ip without authentication, with authentication as failback, add the following in your squid.conf file;
1
2
acl remotehost src 87.112.223.112
acl ncsa_users proxy_auth REQUIRED
This will allow 87.112.223.112 to connect without authentication and otherwise will prompt for a username / password pair.
proxy.pac file
Create a file named proxy.pac and put it in a location accessible externally (/var/www/html/). Alternatively create a new config file to have a url (proxy.somedomain.com) direct to that area and file.
In the file, place details such as that shown below;
1
2
3
4
5
6
7
8
9
10
11
function FindProxyForURL(url, host) {
if (isPlainHostName(host) ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "192.168.1.0", "255.255.255.0") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
return "DIRECT";
return "PROXY proxyserver.example.com:3333";
}
This will send everything to the proxy server except for hosts in the range 192.168.10.0.
To reflect changes in the pac file, it may be necessary to clear the browser cache and restart the browser.
e2 troubleshooting
- origin
- squid server
- e2guardian server - forwards to squid server
- squid.pac - filters out local ips, redirects to squid for remainder
- e2.pac - filters out local ips, sends to e2 for remainder, which then goes via squid
| Via | e2 log | squid log |
|---|---|---|
| squid | origin | |
| e2 | origin | e2 |
| squid.pac | origin | origin |
| e2.pac | ?? | ?? |