Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 23 November 2024, 11:37:04 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14258 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Domains only whitelist without authentication and blacklists with group auth.
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Domains only whitelist without authentication and blacklists with group auth.  (Read 13638 times)
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« on: Friday 24 September 2010, 05:36:35 am »

In version 2.2 there is a proxy option to write some domains that can be reached without authentication.
In version 2.4 this option is removed because the interface is rearranged to allow multiple profiles and multiple access policies where the construction allows to disable authentication.
So, I suppose, the only way to put on a domains whitelist is to insert these domains in the whitelist custom fields and forbid in the blacklist custom field all top-level domains.
But this rule, if evaluated first in an access policy, prevents further evaluations and the browser do not ask for authentication.
If this rule is evaluated last then browser asks always for authentication so the whitelisted domains cannot be reached without authentication.
The solution, in my opinion, is to restore the field present in the authentication page in version 2.2 but I don't know where to find the code.
Another way is to modify the squid.conf directly but it isn't a clean way.

If anyone has tried a different solution to this problem I'm glad to know it.

Prof. Davide Cottignoli
Istituto Geometri Ravenna, Italia
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #1 on: Friday 24 September 2010, 07:46:23 am »

Ooops, I got stupid.
I do not investigate enough the access policy dialog which show a drop down box to the destination: in this box I can type the destination domain in the form with a starting dot. For example:
.istruzione.it
.libero.it
Note that, in the content filtering dialog, when you put on a whitelist or blacklist the starting dot is NOT needed.

In this mode I can use authentication disabled and no content filtering: this lead to the result I obtained in version 2.2

Thanks to all.

Prof. Davide Cottignoli
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 17 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com