[squid-users] Rf. : Re: [squid-users] authenticate users not in IPrange only from Yannick MASSE/INFO/FR/DELMAS on 2003-02-06 (squid-users)

From: Yannick MASSE/INFO/FR/DELMAS <masse@dont-contact.us>
Date: Thu, 6 Feb 2003 15:23:27 +0100

Thanks for your help.
I just forgot tu write a rule between user in MyNetwork and users to be
authenticated. Here is my squid.conf that work now :)

> #============================================
> acl MyNetwork src 172.16.10.1-172.16.10.255
>
> acl GoodSites dstdomain .google.com .yahoo.com ...
>
> http_access allow MyNetwork GoodSites
>
> acl MyComputer src 172.16.10.1
> http_access allow MyComputer all
##############################
http_access deny MyNetwork all
##############################
> #User to authenticate
> acl auth_user proxy_auth foo bar
> http_access allow auth_user GoodSites
> http_access deny auth_user all
>
> #deny all others
> http_access deny all
> #============================================

Henrik Nordstrom <hno@squid-cache.org>
06/02/2003 14:40

        Pour : Yannick MASSE/INFO/FR/DELMAS <masse@delmasexport.com>
        cc : squid-users@squid-cache.org
        Objet : Re: [squid-users] authenticate users not in IPrange only

Veryfy your http_access rules. Keep in mind that it is a ordered list of
rules. The first http_access rule where all listed acls evaluate to true
determines if the request is to be allowed or denied.

Regards
Henrik

tor 2003-02-06 klockan 14.11 skrev Yannick MASSE/INFO/FR/DELMAS:
> I want to authenticate users who are not in a IP range.
>
> here is my squid.conf
> #============================================
> acl MyNetwork src 172.16.10.1-172.16.10.255
>
> acl GoodSites dstdomain .google.com .yahoo.com ...
>
> http_access allow MyNetwork GoodSites
>
> acl MyComputer src 172.16.10.1
> http_access allow MyComputer all
>
> #User to authenticate
> acl auth_user proxy_auth foo bar
> http_access allow auth_user GoodSites
> http_access deny auth_user all
>
> #deny all others
> http_access deny all
> #============================================
>
> The problem is:
> all user in My network are prompted with user/password except MyComputer
> If I set "http_access allow MyComputer all" to "http_access allow
> MyComputer GoodSites" then MyComputer is prompt to athenticate too!
> Why users in my IP range are prompt for auth?
>
> I'm running squid 2.4 stable4 on Linux Mandrake 8.2 with squid_auth_ldap

> helper program
>
>
> thanks and reagrds
>
> Yannick

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden

Received on Thu Feb 06 2003 - 07:24:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:16 MST