[squid-users] Acl List Order

From: Mark Day <mday@dont-contact.us>
Date: Wed, 07 Sep 2005 20:35:42 +0930

Hi All,

Could anyone help me sort the order of my ACL lists?
I wish to do the following:

Allow Authenticated Users to access the net (This is working OK)
Restrict "restrictedusers_allowedurls" to only some sites listed in that
file.
Block all other access.

Here are the ACLs.

acl all src 0.0.0.0/0.0.0.0
acl intranet src 192.168.100.17/255.255.255.255 # intranet machines
acl Authenication proxy_auth REQUIRED
acl locnet src 192.168.0.0/255.255.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80-81 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl allowedurls dstdomain "/etc/squid/restrictedusers_allowedurls"
acl restrictedusers src 192.168.100.45/255.255.255.255

#http_access allow unrestrictedusers
#http_access allow locnet

http_access allow Authenication

debug_options ALL,1 33,2

http_access allow allowedurls restrictedusers
http_access deny bad_browser
http_access allow windowsupdate
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow intranet
http_access deny all
http_reply_access allow all
icp_access allow all

>>>>>>>>>>>>

Some info from the logs tells me why it's passing through, but I'm not
sure how to execute both Auth methods.

2005/09/07 18:46:24| The request GET http://website.com/ItLog/ is
ALLOWED, because it matched 'Authenication'
2005/09/07 18:46:24| The reply for GET http://website.com/ItLog/ is
ALLOWED, because it matched 'all'
2005/09/07 18:46:24| The request GET
http://website.com/collo_includes/style.css is ALLOWED, because it
matched 'Authenication'
2005/09/07 18:46:24| The request GET
http://website.com/collo_includes/sorttable.js is ALLOWED, because it
matched 'Authenication'
2005/09/07 18:46:24| The request GET
http://website.com/collo_includes/validation.js is ALLOWED, because it
matched 'Authenication'
2005/09/07 18:46:24| The request GET
http://website.com/ItLog/ITCollotype.jpg is ALLOWED, because it matched
'Authenication'
2005/09/07 18:46:24| The request GET
http://website.com/collo_includes/bg_image.gif is ALLOWED, because it
matched 'Authenication'
2005/09/07 18:46:30| The request GET http://www.google.com/ is ALLOWED,
because it matched 'Authenication'
2005/09/07 18:46:31| The reply for GET http://www.google.com/ is
ALLOWED, because it matched 'all'
2005/09/07 18:46:31| The request GET http://www.google.com.au/ is
ALLOWED, because it matched 'Authenication'
2005/09/07 18:46:31| The reply for GET http://www.google.com.au/ is
ALLOWED, because it matched 'all'

Any help would be greatly appreciated.

Cheers, Mark.
Received on Wed Sep 07 2005 - 05:05:45 MDT
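
The log lines in the message above show every request being decided by the first http_access line. As an added example (not part of the original post and not Squid's own code), this Python model of first-match evaluation replays the relevant lines in the posted order and in one possible reordering. The reordered list, the `.example.org` allow-list entry and the sample requests are assumptions constructed here.

```python
# Added example: a small model of Squid's first-match http_access evaluation.
import ipaddress

ALLOWED_DOMAINS = [".example.org"]  # constructed stand-in for the allowedurls file

def dst_match(host, pattern):
    # dstdomain: a leading dot matches the domain itself and its subdomains
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

ACLS = {
    "all": lambda r: True,
    # proxy_auth REQUIRED, simplified to a boolean (no 407 challenge modelled)
    "Authenication": lambda r: r["authenticated"],
    "restrictedusers": lambda r: ipaddress.ip_address(r["src"])
    == ipaddress.ip_address("192.168.100.45"),
    "allowedurls": lambda r: any(dst_match(r["host"], d) for d in ALLOWED_DOMAINS),
}

def acl_matches(name, request):
    negate = name.startswith("!")
    result = ACLS[name.lstrip("!")](request)
    return not result if negate else result

def evaluate(rules, request):
    """Return (action, deciding rule): ACLs on a line are ANDed, first match wins."""
    for action, *names in rules:
        if all(acl_matches(n, request) for n in names):
            return action, " ".join(names)
    # No line matched: the default is the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

# Relevant lines in the order posted, then one possible reordering (assumption).
POSTED = [("allow", "Authenication"), ("allow", "allowedurls", "restrictedusers"),
          ("deny", "all")]
REORDERED = [("deny", "restrictedusers", "!allowedurls"), ("allow", "Authenication"),
             ("deny", "all")]

# Constructed sample requests.
RESTRICTED_OFFLIST = {"src": "192.168.100.45", "host": "www.google.com", "authenticated": True}
RESTRICTED_ONLIST = {"src": "192.168.100.45", "host": "www.example.org", "authenticated": True}
OTHER_USER = {"src": "192.168.100.20", "host": "www.google.com", "authenticated": True}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for req in (RESTRICTED_OFFLIST, RESTRICTED_ONLIST, OTHER_USER):
            print(label, req["src"], req["host"], *evaluate(rules, req))
```
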
