Suresh Ganu wrote:
> acl all src 0.0.0.0/0.0.0.0
> acl timerange time 06:00-20:30
> acl password proxy_auth REQUIRED
> acl bigboss src 15.128.8.200/0.0.0.0
Remove /0.0.0.0 from bigboss.. as written it effectively maches "all".
> Squid1.1.20 did exactly according to my goals.
I doubt it did, but if you say so. If it did then it didn't work
properly.
> Squid2.2 asks for password but does NOT verify workbees source IP addresses!
True. A "proxy_auth REQUIRED" ACL either matches the request, or asks
for authentication.
> ident_lookup_access does not seem to work.
Are you sure? Do you see ident requests being sent to other hosts than
workbees?
(ident_lookup_access is not an access control, it controls if an ident
lookup should be performed or not).
> What is the solution or the difference?
Read up on Squids ACL functions.
Squid reads http_access lines top to bottom, and if every acl mentioned
on the http_access line matches then the http_access line as a whole
matches the request.
What you probably want is something like this:
# Allow bigboss access at all times without any password
http_access allow bigboss
# Allow authenticated workbees access during "office" hours
http_access allow workbees password timerange
# Deny all other
http_access deny all
-- Henrik Nordstrom Spare time Squid hackerReceived on Fri Jun 11 1999 - 16:11:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:51 MST