Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid 2.5pre7

>From: Henrik Nordström <hno@squid-cache.org>
>To: "Marco Berizzi" <pupilla@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid
>2.5pre7
>Date: Wed, 12 Jun 2002 19:42:21 +0200
>
>Marco Berizzi wrote:
>
> > > > XXX aclMatchUserMaxIP returned 0, somebody make sure
> > > > the username gets logged to access.log
> > > > XXX if it works, tell dewvelopers to remove this message
> > >
> > >So did it?
> >
> > No. Currently in access.log I don't see any message
> > about this. My debug_options is debug_options ALL,1
>
>debug_options has nothing to do with access.log.
>
>If you see the above message, then there SHOULD be a corresponding request
>logged in access.log, and if everything is working the way it should it
>should be a TCP_DENIED/401 (or maybe TCP_DENIED/407) with a username
>logged.

ok, sorry. I didn't understood you. In access.log the entry exists.

>
> > This morning I have tried to login from two different NT workstation.
> > I can browse the internet (IE5.x,6) from both altenatively. I press
> > the refresh button twice and I can browse the internet from wks X,
> > then I try from wks Y and I get access denied, I press refresh twice
> > and voila. This shouldn't happens because I have set the
> > authenticate_ip_ttl to three hours. Am I doing anything wrong?
> > This option is working well with Squid24S6.
> > It seem to me the option authenticate_ip_ttl isn't working
> > properly.
>
>authenticate_ip_ttl seems to work just the way it should from what you
>describe, but maybe max_user_ip is not working...
>
>authenticate_ip_ttl alone will just make it annoying to browse from more
>than
>one station. Combined with max_user_ip it should be impossible to browse
>from
>more than one station.
>
>Regards
>Henrik

hmmmm. I don't understand. max_user_ip is working, because
I can't browse the internet from both wks at the same time,
only alternatively.
If the option authenticate_ip_ttl would be ok, I should
browse the internet alternatively from both wks, but I
should wait 10800 seconds, between the wks switch.
Now I can switch between the two wks in a couple of seconds,
not 3 hours.

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Received on Thu Jun 13 2002 - 03:16:08 MDT