Krzysztof Szewczyk wrote:
>
> This is still not the answer for my question, sorry.
> If I do:
>
> acl intranet dst 10.40.0.0/255.255.0.0
> acl friends dst 10.30.0.0/255.255.0.0
> acl foo proxy_auth REQUIRED
>
> http_access allow intranet
> http_access allow friends
> http_access allow foo
>
> then WHAT I should to force users to logon if they ask for url (this host
> is in friends network) with '/apps/foo'
Start by writing down exact list if what you want to allow/deny, written
in plain english propositions with no "except" clauses (instead order
them with exceptions first), then translate it literally to http_access
and required acl directives
Example:
I want to allow everyone access to the intranet
I want users to log in to access /apps/foo in my friends network
Anything else is forbidden
acl intranet dst 10.40.0.0/255.255.0.0
http_access allow intranet
acl login proxy_auth REQUIRED
acl foo urlpath_regex ^/apps/foo
acl friends dst 10.30.0.0/255.255.0.0
http_access allow login foo friends
http_access deny all
Note: For technical reasons, the foo http_access rule is better written
"http_access allow friends foo login", as proxy_auth ACL's have the side
effect of requiring the user to log in if the ACL is even touched by
http_access.
> Maybe this is not possible to achive with Squid?
Everything is possible vith Squid ;-)
Regards
Henrik Nordström
Squid Hacker
Received on Tue Oct 23 2001 - 07:29:17 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:04 MST