Re: [squid-users] proxy_auth

From: <Jim_Brouse/PYT@dont-contact.us>
Date: Wed, 19 May 2004 13:40:22 -0700

I tried the following but what is happening now is all users that are
logged on with Microsoft AD usernames are being granted access to webpages
even though there are not in the acl.users acl, and the reason in cache.log
is because username matched all.

I have http_access allow all commented out with a "#"

Jim

                                                                                                                                              
                    Henrik
                    Nordstrom To: Jim_Brouse/PYT@PASCUAYAQUITRIBE.ORG
                    <hno@squid-cac cc: squid-users@squid-cache.org
                    he.org> Subject: Re: [squid-users] proxy_auth
                                                                                                                                              
                    05/03/2004
                    02:46 PM
                                                                                                                                              
                                                                                                                                              

On Mon, 3 May 2004 Jim_Brouse/PYT@PASCUAYAQUITRIBE.ORG wrote:

> I do have proxy auth working to access any page with the following:
>
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow all AuthorizedUsers
>
> Below is the acl settings to allow only one user to one particular site.
> acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain
> acl acl.users proxy_auth /etc/squid/acl/acl.users
> http_access allow acl.dstdomain
> http_access allow acl.users
> http_access deny acl.users

I think you want

http_access allow acl.dstdomain acl.users
http_access deny acl.users

See the Squid FAQ chapter 10 for details if unsure what the difference is.

In addition you need "quotes" around the filenames.. if not Squid reads
what you have wrote literally (i.e. the filename instead of the contents
of the file).

Regards
Henrik
Received on Wed May 19 2004 - 14:40:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT