I have a squid configuration that works very nicely on my home network.
I use ident for authentication and I do understand the implications of
that. My problem comes with Fedora Core.
FC1 was compiled with --enable-ident-lookups whereas FC2 isn't. So now
when I upgrade squid my ident setup is broken. This is itself isn't too
much of a problem becuase I just rebuild it with --enable-ident-lookups.
My question is regarding the behaviour of the acls when ident isn't
recognised. In the config below, because adults isn't valid, it seems to
just ignore that acl and allow based on homenet. Is it possible to
change my configuration in some way so that any acl with an error is
ignored completely or some other way of setting things up so that it
fails safe ?
2004/11/25 22:05:15| parseConfigFile: line 1758 unrecognized:
'ident_lookup_access allow homenet'
2004/11/25 22:05:15| squid.conf line 1759: acl adults ident mike jane
2004/11/25 22:05:15| aclParseAclLine: Invalid ACL type 'ident'
2004/11/25 22:05:15| squid.conf line 1760: acl children ident mary jo
2004/11/25 22:05:15| aclParseAclLine: Invalid ACL type 'ident'
2004/11/25 22:05:15| squid.conf line 1765: http_access allow homenet adults
2004/11/25 22:05:15| aclParseAccessLine: ACL name 'adults' not found.
2004/11/25 22:05:15| squid.conf line 1766: http_access allow homenet
children safe_domain
2004/11/25 22:05:15| aclParseAccessLine: ACL name 'children' not found.
#http_access allow our_networks
acl homenet src 192.168.1.0/24
#acl adults proxy_auth mike jane
#acl children proxy_auth mary jo
ident_lookup_access allow homenet
acl adults ident mike jane
acl children ident mary jo
acl safe_domain dstdomain "/etc/squid/whitelist.txt"
#authenticate_program /usr/lib/squid/pam_auth
http_access allow homenet adults
http_access allow homenet children safe_domain
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
Received on Thu Nov 25 2004 - 15:37:44 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:02 MST