ACL Problems SunOS 5.5.1 / Squid 2.2.3

From: Joerg Cassens <cassens@dont-contact.us>
Date: Tue, 1 Jun 1999 19:39:45 +0200 (MEST)

Hi everybody

I've installed squid on a Sparc box running SunOS 5.5.1. I configured
access control so that requests from our own subnet and password authorized
requests from elsewhere are possible. My problem: the access control works
well on squid 2.0.PATCH2, but doesn't on 2.2.STABLE3.

The important parts of the config file:

# Authentication program
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd

# this is default
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 70 1025-65535
acl CONNECT method CONNECT

# now my stuff
acl password proxy_auth 300
acl prozessinformatik src 134.106.8.0/255.255.255.0
acl porn url_regex "/usr/local/squid/etc/porn"
acl notporn url_regex "/usr/local/squid/etc/notporn"

# defaults again
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
#
# some stuff I don't like to be cached
http_access allow notporn prozessinformatik
http_access allow notporn password
http_access deny porn
#
# on own subnet?
http_access allow prozessinformatik
#
# valid password?
http_access allow password
#
# kick the rest out
http_access deny all

When accessing squid from "outside", the usual username/password request
comes up. The NCSA-authentication works, but even after entering the
correct values, I get an access denied by squid, which is the last (default)
rule.

So, none of the http_access rules is firing except the last. I know that
password acceptance should be the last, but commenting out the first
occurrence doesn't change anything (and that's what I expected as far as I
understood the way squid works).

I've tried this out with the default configuration just changed on access
control, so I don't think I could have messed up something else elsewhere.

I've searched the documentation and the (very good) FAQ as well as release
notes, but didn't find anything mentioned about some syntactical or
semantical changes on ACL. Although I think there will be many of you using
squid on Solaris systems, I didn't find questions about it in the searchable
mailing list archive either. I'd like to know whether someone of you had similar
problems, or could give me a hint about a place to start to trace down the
problem.

I hope I haven't overlooked something obvious, either in my configuration
or the FAQ/etc.

Thanks in advance,
Jörg Cassens

-- 
Dipl.-Inform. Joerg Cassens         Abteilung Prozessinformatik
Carl von Ossietzky Universitaet     Raum A2 2-223
Fachbereich Informatik              Telefon +49 441 798-5176
D-26111 Oldenburg                   Telefax +49 441 798-2196
http://condor.informatik.uni-oldenburg.de/cassens/
Received on Tue Jun 01 1999 - 11:37:14 MDT
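
Added example (not part of the original post and not Squid's own code): a small model of how the http_access list above is evaluated, with ACLs on one line ANDed and the first matching line deciding, to trace which rule a given request should hit. The sample client address, the request fields, and the treatment of the password, porn and notporn ACLs as plain booleans are assumptions.

```python
# Added example: simplified model of http_access evaluation, not Squid source.
import ipaddress

# The http_access lines from the post, in their original order.
RULES = """\
deny manager !localhost
deny CONNECT !SSL_ports
deny !Safe_ports
allow notporn prozessinformatik
allow notporn password
deny porn
allow prozessinformatik
allow password
deny all""".splitlines()

def request(**fields):
    """Constructed sample request: outside client, plain HTTP, valid login."""
    base = {"src": "192.0.2.10", "port": 80, "method": "GET", "proto": "http",
            "auth_ok": True, "porn": False, "notporn": False}
    return {**base, **fields}

def acl_matches(name, req):
    """Evaluate one named ACL from the post against a request."""
    src = ipaddress.ip_address(req["src"])
    port = req["port"]
    return {
        "manager": req["proto"] == "cache_object",
        "localhost": src == ipaddress.ip_address("127.0.0.1"),
        "all": True,
        "SSL_ports": port in (443, 563),
        "Safe_ports": port in (80, 21, 70) or 1025 <= port <= 65535,
        "CONNECT": req["method"] == "CONNECT",
        "prozessinformatik": src in ipaddress.ip_network("134.106.8.0/24"),
        # Assumptions: helper verdict and regex-file hits are given as booleans.
        "password": req["auth_ok"],
        "porn": req["porn"],
        "notporn": req["notporn"],
    }[name]

def decide(req):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in RULES:
        action, *acls = rule.split()
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action, rule
    raise AssertionError("unreachable: 'deny all' matches every request")
```

In this model an authenticated outside request stops at "allow password"; if the running proxy instead reaches "deny all" for the same request, the password ACL evaluated false inside Squid even though the helper accepted the login, so the proxy_auth line is the place to look rather than the rule order.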