Re: [squid-users] auth_param overrides http_access order

From: Daniel Appleby <dappleby@dont-contact.us>
Date: Mon, 20 Nov 2006 18:54:36 +1100

I was under the impression that if any of the conditions fail on a
http_access it proceed to the next rule.

If the url didnt match websitelist.conf then needsignon_acl would be false

If i click cancel on the auth window, the acl 'password' should be
false. which would mean the first http_access rule wouldn't pass.

And it should continue to the next http_access rule but it doesnt.
proxy_auth seems to stop you no mater what if you cancel it.

-Daniel

Mark Elsen wrote:
>> Hi Squid Users,
>>
>> I have a strange issue with auth_param. Basically what happends is if
>> the proxy prompts me for auth and i click cancel it give me access
>> denied when it shouldn't. For example:
>>
>> (the external program is defined in proxy_auth)
>>
>> acl password proxy_auth REQUIRED
>> acl needsignon_acl url_regex -i "/etc/squid/websitelist.conf"
>>
>> http_access allow password needsignon_acl
>> http_access allow all
>>
>> The above should still allow access even if the password acl returns
>> false.
>
> No , because http_access , interpreting stops on the first match.
> Your second http_access rule will never be reached.
>
> M.
>

-- 
-----------------------------------------------------------------------------
Daniel Appleby, Trainee Unix Administrator,
Information Technology Services Division,
Deakin University Geelong Victoria 3217 Australia.
Phone: 5227 8635
E-Mail: dappleby@deakin.edu.au
Website: http://www.deakin.edu.au/its/
Deakin University CRICOS Provider Code 00113B
Important Notice: The contents of this email transmission, including any attachments, are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents and any attachments is expressly prohibited. If you have received this transmission in error, please delete it and any attachments from your system immediately and advise the sender by return email or telephone.
Deakin University does not warrant that this email and any attachments are error or virus free. 
Received on Mon Nov 20 2006 - 00:54:33 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST