Problem with complex ACLs

From: Paul Hedderly <bungle@dont-contact.us>
Date: Fri, 26 Nov 1999 11:51:08 +0000

I'm fairly new to getting my hands dirty with squid config, and I've
hit upon a problem.

I want to only allow a group of machines to access the proxy
when they have done user authentication and the URL is not in
my porn.acl... or it _is_ in the notporn.acl

My acls are

        acl usermachines src x.x.x.x/255.255.0.0
        acl authenticate proxy_auth REQUIRED
        acl porn url_regex "/opt/squid/etc/porn.acl"
        acl notporn url_regex "/opt/squid/etc/notporn.acl"

Now I can do:
        http_access deny porn !notporn
        http_access allow usermachines authenticate

And everything is happy except that when a site is denied - the logs
don't show _who_ was denied!

So.. I'm trying:
        http_access allow usermachines authenticate !porn notporn

But notporn isn't catchall... I really need something like:
        http_access allow usermachines authenticate (!porn notporn)

I guess I could do:
        http_access deny usermachines authenticate porn !notporn
        http_access allow usermachines authenticate

which should give me usernames in the DENIED log lines - but at the
expense of running the authentication stuff twice.

Perhaps that's acceptable...
Any ideas anyone?
--Paul

Received on Fri Nov 26 1999 - 06:39:27 MST
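
The rule lists from this message can be compared with a small model of http_access evaluation (an added example, not part of the original post and not Squid code). It assumes terms on a line are ANDed left to right with short-circuit, the first matching line decides, a username can be logged only once the proxy_auth ACL has been evaluated, and authentication is reduced to a boolean; TWO_ALLOWS is a hypothetical alternative that does not appear in the message.

```python
from itertools import product

NAMES = ["usermachines", "authenticate", "porn", "notporn"]

# Rule = (action, [terms]); a leading "!" negates the named ACL.
ORIGINAL = [("deny", ["porn", "!notporn"]),
            ("allow", ["usermachines", "authenticate"])]
SINGLE_LINE = [("allow", ["usermachines", "authenticate", "!porn", "notporn"])]
DENY_FIRST = [("deny", ["usermachines", "authenticate", "porn", "!notporn"]),
              ("allow", ["usermachines", "authenticate"])]
# Hypothetical alternative: the OR written as two allow lines.
TWO_ALLOWS = [("allow", ["usermachines", "authenticate", "notporn"]),
              ("allow", ["usermachines", "authenticate", "!porn"])]

def evaluate(rules, req):
    """Return (action, auth_checks). auth_checks counts how often the
    'authenticate' ACL was evaluated; 0 means no username for the log."""
    auth_checks = 0
    for action, terms in rules:
        matched = True
        for term in terms:
            name = term.lstrip("!")
            if name == "authenticate":
                auth_checks += 1
            if req[name] == term.startswith("!"):
                matched = False  # term failed: skip the rest of this line
                break
        if matched:
            return action, auth_checks
    # No line matched: Squid applies the opposite of the last line's action,
    # and every list here ends in "allow".
    return "deny", auth_checks

def intended(req):
    """Policy from the post: known machine, authenticated, and the URL is
    not in porn.acl or it is in notporn.acl."""
    return (req["usermachines"] and req["authenticate"]
            and (not req["porn"] or req["notporn"]))

def mismatches(rules):
    """Requests (all 16 ACL combinations) where rules and policy disagree."""
    reqs = [dict(zip(NAMES, bits)) for bits in product([False, True], repeat=4)]
    return [r for r in reqs if (evaluate(rules, r)[0] == "allow") != intended(r)]

if __name__ == "__main__":
    blocked = dict(usermachines=True, authenticate=True, porn=True, notporn=False)
    for label, rules in [("original", ORIGINAL), ("single line", SINGLE_LINE),
                         ("deny first", DENY_FIRST), ("two allows", TWO_ALLOWS)]:
        print(label, len(mismatches(rules)), evaluate(rules, blocked))
```

In this model the single-line rule wrongly denies two authenticated cases (URL in neither list, URL in both lists), while the deny-first and two-allow forms match the policy and evaluate authentication before denying, at the cost of a second check on some requests.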
