Skip to content

Mix Authenticated and Non Authenticated Proxy Users

Question: We are trying to achieve the following scenario - a group of servers needs to access only specific set of URLs and all other proxy users need to be authenticated and filtered by different policies based on their Active Directory group membership. Is it possible?

Answer: Yes this is possible and can be achieved by the following configuration.

  1. Enable proxy authentication in Admin UI / Squid / Auth, for more information see this help article. This setting will require all proxy users to authenticate.
  2. Identify your servers somehow, usually this is done by keeping IP addresses of your servers in the same subnet. Let it be subnet 192.168.4.0/24 for our example.
  3. Exclude given server subnet from authentication in Admin UI / Squid / Exclusions / by Subnet IP. This allows connections from the server subnet to the proxy to be non-authenticated.
  4. Add the server subnet to the Admin UI / Web Filter / Policies / Locked Policy / Members by Subnet. Configure the locked policy as needed allowing connections to a handful of web sites and blocking all others as you desire.
  5. Configure other policies by Active Directory group memberships as required.
  6. Click Save and Restart in the Admin UI.

The connections from server subnet will not be authenticated and will be filtered by the Locked policy. All other connections will be authenticated and filtered by configured policies. Exactly as required.