proposing auth acl change..

From: Robert Collins <robertc@dont-contact.us>
Date: 13 Feb 2003 08:45:47 +1100

Currently auth acl's in accelerator setups (ie:

acl foo proxy_auth foo bar
..
http_access allow foo
http_access deny !foo restrictedip
...
)

when AUTH_ON_ACCELERATION is not defined force an access line match
failure.

i.e. the second http_access line above *fails* to match even though foo
is not authenticated, and thus could be reasonably expected to match
that line.

I propose we change the auth matching code to be a) more consistent with
other acl code, and thus more predictable, by allowing the second line
above to match. We'd still dump verbose messages to the cache.log though
:}.

Thoughts? Objections?

Rob

-- 
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.

Received on Wed Feb 12 2003 - 14:45:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:15 MST