Re: [squid-users] smb_auth bypassing defined acl rules?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 14 Jan 2003 02:46:53 +0100

Mon 2003-01-13 at 20.06, Bob Avery-Babel wrote:

> The acls define the parameters,
>
> and the http_access tags tell how to use the parameters, is that correct?

Correct.

> Henrik, I'm not sure what you mean by "To make complex rules you list more
> than one acl on each line."
>
> Can you give me an example of that, All of the acls I listed were
> one-liners...

acl limited_stations src...
acl allowed_sites dstdomain ...
http_access allow limited_stations allowed_sites
http_access deny limited_stations

> also, I'm not sure how to order these lists for proper
> operation. Here is how mine are ordered now. Are you saying the acls get
> read and applied first, so I need to move my acl domainusers to the bottom
> of the list instead so all of the other acls are applied first? or is it the
> http_access lists that are applied in order? Do I need to create another (or
> add on to the existing acl) acl that restricts domain users to my internal
> network so it won't give the prompt out to the wide open internet?
>
> acl domainusers proxy_auth REQUIRED
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl mynetwork src 192.168.0.0/24
> acl workmachine src 207.160.138.143
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
>
> http_access allow localhost
> http_access allow mynetwork
> http_access allow workmachine
> http_access allow domainusers
> http_access deny all
>
>
> ----------------------------------------------------------------------------
> ----------------------------------------
> > If I understand correctly,
> > Try:
> >
> > http_access allow domainusers !workmachine
> >
> > Best regards,
> > Ilker G.
> >
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "Bob Avery-Babel" <Bob@yellowbugcomputers.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Monday, January 13, 2003 11:33 AM
> Subject: Re: [squid-users] smb_auth bypassing defined acl rules?
>
>
> Your http_access lines are an ordered list of rules. The first rule that
> applies to the request tells if it is allowed or denied.
>
> To make complex rules you list more than one acl on each line. Each acl
> then has to be true for that specific rule to apply.
>
> Regards
> Henrik
>
>
Received on Mon Jan 13 2003 - 18:46:59 MST
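
Added example, not part of the original thread and not Squid code: a simplified Python model of the first-match, AND-per-line evaluation described above, run against the http_access order quoted in the thread. The COMBINED rule set, the client address 203.0.113.5, the user name "bob" and the "challenge" result (standing in for a 407 authentication prompt) are assumptions made for illustration.

```python
import ipaddress

# Simplified, constructed model of Squid http_access evaluation (not Squid code).
ACLS = {
    "localhost":   ("src", "127.0.0.1/32"),
    "mynetwork":   ("src", "192.168.0.0/24"),
    "workmachine": ("src", "207.160.138.143/32"),
    "domainusers": ("proxy_auth", "REQUIRED"),
    "all":         ("src", "0.0.0.0/0"),
}
# The http_access order quoted in the thread.
AS_POSTED = [("allow", ["localhost"]), ("allow", ["mynetwork"]),
             ("allow", ["workmachine"]), ("allow", ["domainusers"]),
             ("deny", ["all"])]
# Assumed intent: internal clients must also authenticate (two acls on one line).
COMBINED = [("allow", ["localhost"]), ("allow", ["mynetwork", "domainusers"]),
            ("deny", ["all"])]

def evaluate(rules, src, user=None):
    """Return (result, rule_number) for the first rule whose acls all match."""
    addr = ipaddress.ip_address(src)
    for number, (action, names) in enumerate(rules, start=1):
        for name in names:                      # acls on a line are ANDed, left to right
            kind, value = ACLS[name]
            if kind == "src":
                if addr not in ipaddress.ip_network(value):
                    break                       # one acl false: rule does not apply
            elif kind == "proxy_auth" and user is None:
                return ("challenge", number)    # credentials needed to decide
        else:
            return (action, number)             # every acl on the line matched
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("deny" if rules[-1][0] == "allow" else "allow", None)

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("combined", COMBINED)):
        for src, user in (("192.168.0.10", None), ("192.168.0.10", "bob"),
                          ("203.0.113.5", None)):
            print(label, src, user, evaluate(rules, src, user))
```

With the order as posted, a 192.168.0.x client is allowed by the second rule before the proxy_auth acl is ever consulted, while an outside address reaches that acl and gets the prompt.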