Try
http_access deny !my_auth
-----Original Message-----
From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
Sent: Thursday, November 02, 2006 11:18 PM
To: squid-users@squid-cache.org
Subject: [squid-users] http_access and proxy_auth
Hi,
I should know this but reading FAQ and things is just confusing me.
If we have:
acl authenticated proxy_auth REQUIRED
When would any http_access lines even get used if they appear after
something like:
http-access permit authenticated
I ask because my understanding is that anyone who has authenticated
would match this line and never go past it. If I'm not stupid and that
is in fact the case, then is the following, from
http://workaround.org/moin/HowSquidAclsWork, incorrect?
-----------------------------------------------------------------------
acl my_auth proxy_auth REQUIRED
acl google dstdomain .google.com
http_access allow my_auth
http_access deny google my_auth
http_access deny all
In this case if the user requests www.google.com then the second
http_access line matches and triggers re-authentication. Remember: it's
always the last ACL on a http_access line that "matches".
-----------------------------------------------------------------------
If the user has authenticated, when would the second or indeed the third
http_access line ever be reached?
Colin
-- Colin Campbell Unix Support/Postmaster/Hostmaster Citec +61 7 3227 6334Received on Fri Nov 03 2006 - 08:11:18 MST
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST