Re: [squid-users] http_access and proxy_auth from Henrik Nordstrom on 2006-11-03 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 03 Nov 2006 11:46:30 +0100

fre 2006-11-03 klockan 08:06 +0100 skrev Mark Elsen:

> > -----------------------------------------------------------------------
> > acl my_auth proxy_auth REQUIRED
> > acl google dstdomain .google.com
> > http_access allow my_auth
> > http_access deny google my_auth
> > http_access deny all
> >
> > In this case if the user requests www.google.com then the second
> > http_access line matches and triggers re-authentication. Remember: it's
> > always the last ACL on a http_access line that "matches".
> > -----------------------------------------------------------------------
>
> No, it's the first ACL on a http_access line that matches,
> in your case, the 2 last ones will never be reached.

The section is talking about deny_info and text is correct but the
config example broken for the reasons mentioned..

For deny_info it's the last acl on the http_access deny line that
matches.

In http_access it's the first http_access line matching the request that
tell if the request is allowed or denied. The rest of the http_access
lines is never reached.

Regards
Henrik

application/pgp-signature attachment: Detta är en digitalt signerad meddelandedel

Received on Fri Nov 03 2006 - 03:46:38 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST