Abdul-Azeez wrote:
>
> Hi Henrik,
>
> The two groups will be differentiated by login names.
And this is what confuses me as you only have one proxy_auth acl
defined.. you will need two.
I would probably use something like this:
# Limit access to our networks only
acl our_networks src ....
http_access deny !our_networks
# All users must log in
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
deny_info authenticated ERR_HOW_TO_CHANGE_PASSWORD
# No users may share their login/password with others
acl more_than_1_ip max_user_ip -s 1
http_access deny more_than_1_ip
deny_info more_than_1_ip ERR_DO_NOT_SHARE_PASSWORD
# vip_users allowed always
acl vip_users proxy_auth "/path/to/vip_users"
http_access allow vip_users
# all other users only allowed during non-office hours
acl office_hours 08:00-17:00
http_access deny !office_hours
deny_info office_hours ERR_NO_ACCESS_DURING_OFFICE_HOURS
http_access allow authenticated
# last resort, deny all access (should never be reached but..)
http_access deny all
Regards
Henrik
Received on Fri Jan 03 2003 - 04:29:55 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:26 MST