Brian J. Murrell wrote:
> I'm trying to set up rules that limit particular people to particular
> time windows of use. So I have this:
>
> acl brian proxy_auth brian
> acl alice proxy_auth alice
> acl wkday-22-12 time MTWTF 22:00-23:59
> acl wkday-12-15 time MTWTF 00:00-15:00
> acl no_auth_sites foo.bar.com domain.org
>
> and then have some http_access rules:
>
> http_access deny alice wkday-12-15
> http_access deny alice wkday-22-12
> http_access allow no_auth_sites
>
> But it seems that I am getting a 407 trying to access foo.bar.com. If I
> move the "http_access allow no_auth_sites" before the lines for alice,
> I'm not required to authenticate.
>
> This does make sense I guess, since it wants to see if I am alice to
> decide if I should be prohibited.
>
> So I guess the question is, how can I write a set of rules that:
> * allow access to some sites without authentication[1]
> * prohibit access to everything if a particular user is trying to
> access outside of allowed times and
> * require proxy authentication for everything else
>
> Moving the "no_auth_sites" rules above the "alice" rules is not an
> option because that would violate the second requirement.
>
> Upon review of my three points, it doesn't seem possible, but I wonder
> if I am missing something.
>
So you want to allow access to a site without requiring authentication,
except if it's a certain person? That would be quite the impressive
feat. Authentication by clairvoyance... :o)
> Thanx,
> b.
>
> [1] i.e. for computer maintenance -- where computers don't have accounts
> for proxy access -- or worse, applications that don't support proxy
> authentication)
>
>
Chris
Received on Mon Mar 05 2007 - 18:07:59 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 31 2007 - 13:00:01 MDT