disabling auth for squid??

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • xxweekxx
    Confirmed User
    • Oct 2002
    • 6780

    #1

    disabling auth for squid??

    ok some guy setup squid but he is sleeping now. i want to disable the AUTH and make it not ask for username/password, cuz im getting this shitty error:

    D

    ClientIP: myip here
    ServerIP:

    HTTP Request:
    CONNECT / HTTP/1.0
    Authorization: Basic cHJveHltYW46YWJjMTIz
    Proxy-Authorization: Basic cHJveHltYW46YWJjMTIz

    instead of the page its supposed to open.. so i telneted and im looking at the squid.conf file. how do i disable authentication completely?
    _________________
    I am the best
  • GrouchyAdmin
    Now choke yourself!
    • Apr 2006
    • 12085

    #2
    Sounds like his authenticate_program is fucked up.

    Here's how.
    Code:
    acl all src 0/0
    http_access allow all
    I've done my 3 good deeds for the day; back to prickmode.

    Comment

    • xxweekxx
      Confirmed User
      • Oct 2002
      • 6780

      #3
      thanks grouchy. but that didnt work
      _________________
      I am the best

      Comment

      • GrouchyAdmin
        Now choke yourself!
        • Apr 2006
        • 12085

        #4
        You're gonna have to take off the rest of the ACLs. I have no idea how your config is setup.

        Comment

        • xxweekxx
          Confirmed User
          • Oct 2002
          • 6780

          #5
          i removed the acls, did squid restart.. still asking for password
          _________________
          I am the best

          Comment

          • GrouchyAdmin
            Now choke yourself!
            • Apr 2006
            • 12085

            #6
            *noncommital shrug* - can't say much without seeing the config.

            Your best course of action is to page/wake your normal admin - it shits me when people completely break stuff and it takes me hours to fix when if they called me I could have done what they wanted in minutes. ;)

            Put the old file back and ask them to disable auth for ya.

            Comment

            • xxweekxx
              Confirmed User
              • Oct 2002
              • 6780

              #7
              got it working.. i had to stop it and start it over.. i owe you 3 balboas(panama beer)

              one more dude.lol

              I disabled auth, im afraid people IP,port scannin can hit my stuff..

              is there a way i can make it so IPS I enable are apple to connect to that squid port?

              im afraid my stuff will be a public proxy by tomorrow.. is there like an easy line i can add.
              _________________
              I am the best

              Comment

              • GrouchyAdmin
                Now choke yourself!
                • Apr 2006
                • 12085

                #8
                Yes

                Change the ACLs. The below is for a single IP (yours). Find it at ipchicken.com.

                Code:
                acl all src 0/0
                acl me src my.ip.addr.here/32
                http_access allow me
                http_access deny all

                Comment

                • xxweekxx
                  Confirmed User
                  • Oct 2002
                  • 6780

                  #9
                  can i do more than 1 ip.. like

                  acl me src my.ip.addr.here/32
                  acl me src my.ip.addr.here2/32
                  acl me src my.ip.addr.here3/32

                  dude you seriously rock
                  _________________
                  I am the best

                  Comment

                  • GrouchyAdmin
                    Now choke yourself!
                    • Apr 2006
                    • 12085

                    #10
                    Yeah, but it'd be easier to do the whole CIDR subnet

                    acl me 4.2.2.1/24 would allow 4.2.2.1-4.2.2.254.

                    Comment

                    • xxweekxx
                      Confirmed User
                      • Oct 2002
                      • 6780

                      #11
                      Originally posted by GrouchyAdmin
                      Yeah, but it'd be easier to do the whole CIDR subnet

                      acl me 4.2.2.1/24 would allow 4.2.2.1-4.2.2.254.
                      problem is im using different ips in different servers.

                      i have one IP in 66.

                      another ip in 72.x

                      so no way
                      _________________
                      I am the best

                      Comment

                      • GrouchyAdmin
                        Now choke yourself!
                        • Apr 2006
                        • 12085

                        #12
                        Then, yeah, that's fine. You can have multiple /32 ACLs

                        I'd suggest you relabel them though:

                        Code:
                        acl all src 0/0
                        acl home src my.ip.addr.here/32
                        acl office src my.ip.addr.here/32
                        acl server src my.ip.addr.here/32
                        http_access allow home
                        http_access allow office
                        http_access allow server
                        http_access deny all
                        Makes dealing with it a lot easier.

                        Reason why it didn't take w/o a reload was it was probably still getting a HIT (cache hit); restarting it invalidated the cache. Some startup scripts will do this for a reload, some don't.

                        Comment

                        • xxweekxx
                          Confirmed User
                          • Oct 2002
                          • 6780

                          #13
                          haha yeah it works now =) i feel safer..

                          no login/pass, and i enable only my iPS, plus im using a very high port..

                          dude i owe you one.. whenever you come down here to panama or you come to NY when im here ill buy you some beer and if you want i can get you a colombian whore =)

                          thanks man.. really..cheers
                          _________________
                          I am the best

                          Comment

                          • GrouchyAdmin
                            Now choke yourself!
                            • Apr 2006
                            • 12085

                            #14
                            Hahaha - not sure when I'll be in either Panama or NY; Beer costs more in NY though. I remember it being like $0.75/bottle in Bocas. I may be a whore but I don't work that cheap! ;)

                            Comment

                            • xxweekxx
                              Confirmed User
                              • Oct 2002
                              • 6780

                              #15
                              lol well yeah beer is cheap in panama.... well a whore is like 80$-$100 . so not that cheap... fake tits/ass for the win.lmao..
                              _________________
                              I am the best

                              Comment

                              Working...