On Fri, 11 Feb 2005, Oliver Hookins wrote:
> This could be a problem. So any program that chooses not to authenticate, or
> for some reason cannot authenticate (for example, it's not built-in) will be
> denied access?
Yes, as Squid needs the username to evaluate the acl.
> If we reversed the rules like this:
>
> http_access allow SURFING
> http_access allow allowedsites mynetwork
> http_access allow AuthGroup mynetwork
> http_access deny all
>
> that would force authentication for non-SURFING && non-allowedsites requests,
> right?
Right.
> I'm just thinking of server programs that download stuff but don't
> authenticate (in which case we would put them in the SURFING acl).
Like most people do.
Regards
Henrik
Received on Thu Feb 10 2005 - 16:00:39 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST