Re: [squid-users] Priblem with ACL -max_user_ip & deny_info

Hmm.. can you please describe in detail what it is you are trying to do.
You seem to be using a mix of authentication and IP based acls.

Regards
Henrik

Abdul-Azeez wrote:
>
> Hi Henrik,
>
> thanks, I tried your suggestion ie
> "http_access deny imsd-users multiple-login-normal"
>
> But I am now being CONSTANTLY denied access and the following lines are
> written to
> my cache.access file.
>
> 2002/12/31 17:34:30| The request GET http://www.yahoo.com/ is DENIED,
> because it
>
> matched 'imsd-users'
>
> 2002/12/31 17:34:30| The reply for GET http://www.yahoo.com/ is ALLOWED,
> because
>
> it matched 'all'
>
> 2002/12/31 17:34:34| The request GET http://www.yahoo.com/ is DENIED,
> because it
>
> matched 'all-cib-staff'
>
> 2002/12/31 17:34:34| The reply for GET http://www.yahoo.com/ is ALLOWED,
> because
>
> it matched 'all'
>
> abdul
>
> ----- Original Message -----
>
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "Abdul-Azeez" <azeez@citizensbankng.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Tuesday, December 31, 2002 1:57 PM
> Subject: Re: [squid-users] Priblem with ACL -max_user_ip & deny_info
>
> > This is because max_user_ip requires the user to log in in order to
> > identify the user, so when the user is required to log in the acl who
> > denied them access anonymously was "multiple-login-normal".
> >
> > You should be able to use
> >
> > http_access deny imsd-users multiple-login-normal
> >
> > to get around this.
> >
> > Regards
> > Henrik
> >
> > Abdul-Azeez wrote:
> > >
> > > Hi all ,
> > > I am running squid2.5 STABLE1. and I use proxy_auth to authenticate my
> > > users.
> > > I also used the "max_user_ip -s" to limit login from more than one
> computer
> > > and this work's well. I want users who attempt to break this second rule
> > > to see a custom message but it seems to work funnily.
> > >
> > > The custom message is now displayed both when a user enters a wrong
> password
> > > (or
> > > none at all) and when multiple login is attempted from 2 PCs.
> > > Part of my ACL are shown below
> > > .
> > > acl multiple-login-normal max_user_ip -s 1 # max no. of login by user
> from
> > > diff. IP addresses
> > > .
> > > acl all-cib-staff src 128.1.0.0/16 #all users in the in CIB
> > > .
> > > acl imsd-users proxy_auth REQUIRED # users in systems dept.
> > > .
> > > acl working-hours time MTWHF 08:00-17:00 # official bank working hours
> > > .
> > > .
> > > deny_info mult-log-normal multiple-login-normal
> > > http_access deny multiple-login-normal
> > > http_access allow all-cib-staff !working-hours
> > > http_access allow imsd-users
> > > http_access deny all-cib-staff
> > > .
> > >
> > > Can someone please tell me what I am doing wrong? Or suggest better
> > > ACL lines to implement my plan.
> > >
> > > Abdul
> >
Received on Thu Jan 02 2003 - 08:44:09 MST