Re: [squid-users] smb_auth bypassing defined acl rules?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 13 Jan 2003 18:33:31 +0100

Your http_access lines are an ordered list of rules. The first rule that
applies to the request tells if it is allowed or denied.

To make complex rules you list more than one acl on each line. Each acl
then has to be true for that specific rule to apply.

Regards
Henrik

On Mon 2003-01-13 at 15.04, Bob Avery-Babel wrote:
> Good Morning all!
>
> Last Friday I set up squid for the first time. I defined some access rules
> and they seemed to work fine. Here is what they look like:
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl mynetwork src 192.168.0.0/24
> acl workmachine src 207.xxx.xxx.xxx
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
>
> http_access allow localhost
> http_access allow mynetwork
> #http_access allow workmachine
> # And finally deny all other access to this proxy
> http_access deny all
>
> I could deny or allow access to my work machine here at work. If I allowed
> it then I could use the cache. If I commented it out, like above, I would
> get the cache denied page. Cool.
>
> So last night I put in some authentication lines:
>
> authenticate_program /usr/bin/smb_auth -W PARADISE
> acl domainusers proxy_auth REQUIRED
> http_access allow domainusers
>
> Now, even with my proxy supposedly denying my work machine I'm getting a
> username and password prompt. If I enter in a proper username and password
> combo I'm in.
>
> How does this authentication override the rule that says I can't connect
> from my work IP?
>
> Any advice would be greatly appreciated.
>
> Thanks,
>
> Bob
>
Received on Mon Jan 13 2003 - 10:33:41 MST
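
Added example (not part of the original messages, and not Squid's own code): a small Python model of the first-match, every-acl-on-the-line evaluation described in the reply, run over two constructed rule sets. Assumptions: the `http_access allow domainusers` line sat before `deny all`, 203.0.113.10 stands in for the masked work machine address, and the proxy's authentication challenge is reduced to a boolean.

```python
import ipaddress

# Constructed rule sets modelled on the thread. Assumption: the auth rule was
# placed ahead of "deny all", otherwise it could never be reached.
AS_POSTED = """
http_access allow localhost
http_access allow mynetwork
http_access allow domainusers
http_access deny all
"""
# Two acls on one line: source network AND a valid login must both be true.
COMBINED = """
http_access allow localhost
http_access allow mynetwork domainusers
http_access deny all
"""

# src acls from the thread (workmachine left out: its address is masked there).
SRC_ACLS = {
    "all": "0.0.0.0/0",
    "localhost": "127.0.0.1/32",
    "mynetwork": "192.168.0.0/24",
}

def acl_matches(name, src_ip, authenticated):
    if name == "domainusers":
        # proxy_auth REQUIRED, simplified: true when valid credentials are sent.
        return authenticated
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(SRC_ACLS[name])

def evaluate(rules, src_ip, authenticated):
    """Return (action, matching line): first line whose acls are all true wins."""
    action = "deny"
    for line in rules.strip().splitlines():
        _, action, *acls = line.split()
        # all() stops at the first false acl, so later acls are not consulted.
        if all(acl_matches(a, src_ip, authenticated) for a in acls):
            return action, line
    # Squid's documented default when nothing matches: opposite of the last line.
    return ("deny" if action == "allow" else "allow"), "(no rule matched)"

if __name__ == "__main__":
    outside = "203.0.113.10"  # constructed stand-in for the work machine
    for label, rules in (("as posted", AS_POSTED), ("combined", COMBINED)):
        print(label, evaluate(rules, outside, authenticated=True))
```

In the combined form, clients on 192.168.0.0/24 also have to authenticate; whether that is wanted depends on the policy intended.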
