Re: [squid-users] Priblem with ACL -max_user_ip & deny_info

Hi Henrik,

thanks, I tried your suggestion ie
"http_access deny imsd-users multiple-login-normal"

But I am now being CONSTANTLY denied access and the following lines are
written to
my cache.access file.

2002/12/31 17:34:30| The request GET http://www.yahoo.com/ is DENIED,
because it

matched 'imsd-users'

2002/12/31 17:34:30| The reply for GET http://www.yahoo.com/ is ALLOWED,
because

it matched 'all'

2002/12/31 17:34:34| The request GET http://www.yahoo.com/ is DENIED,
because it

matched 'all-cib-staff'

2002/12/31 17:34:34| The reply for GET http://www.yahoo.com/ is ALLOWED,
because

it matched 'all'

abdul

----- Original Message -----

From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Abdul-Azeez" <azeez@citizensbankng.com>
Cc: <squid-users@squid-cache.org>
Sent: Tuesday, December 31, 2002 1:57 PM
Subject: Re: [squid-users] Priblem with ACL -max_user_ip & deny_info

> This is because max_user_ip requires the user to log in in order to
> identify the user, so when the user is required to log in the acl who
> denied them access anonymously was "multiple-login-normal".
>
> You should be able to use
>
> http_access deny imsd-users multiple-login-normal
>
> to get around this.
>
> Regards
> Henrik
>
> Abdul-Azeez wrote:
> >
> > Hi all ,
> > I am running squid2.5 STABLE1. and I use proxy_auth to authenticate my
> > users.
> > I also used the "max_user_ip -s" to limit login from more than one
computer
> > and this work's well. I want users who attempt to break this second rule
> > to see a custom message but it seems to work funnily.
> >
> > The custom message is now displayed both when a user enters a wrong
password
> > (or
> > none at all) and when multiple login is attempted from 2 PCs.
> > Part of my ACL are shown below
> > .
> > acl multiple-login-normal max_user_ip -s 1 # max no. of login by user
from
> > diff. IP addresses
> > .
> > acl all-cib-staff src 128.1.0.0/16 #all users in the in CIB
> > .
> > acl imsd-users proxy_auth REQUIRED # users in systems dept.
> > .
> > acl working-hours time MTWHF 08:00-17:00 # official bank working hours
> > .
> > .
> > deny_info mult-log-normal multiple-login-normal
> > http_access deny multiple-login-normal
> > http_access allow all-cib-staff !working-hours
> > http_access allow imsd-users
> > http_access deny all-cib-staff
> > .
> >
> > Can someone please tell me what I am doing wrong? Or suggest better
> > ACL lines to implement my plan.
> >
> > Abdul
>
Received on Thu Jan 02 2003 - 00:26:13 MST