[squid-users] priority rules in squid.conf

From: Riccardo Castellani <r.castellani_at_usl6.toscana.it>
Date: Mon, 22 Nov 2010 13:01:08 +0100

I'm trying to use AD LDAP authentication but I have to keep backward
compatibility for computers which are in workgroups.
I'd like to permit Internet access according to the IP addresses listed in the file
'per_ip' (for workgroup PCs) and for others by AD LDAP authentication (MS domain

My problem is understanding Squid behaviour where there is AD LDAP
authentication, that is when


1- acl videosp req_mime_type -i ^application/x-shockwave-flash$
2- acl audiosp rep_mime_type -i ^application/x-mms-framed
3- acl emmepitre url_regex ^http://.*\.mp3
4- acl onlyforip src "/etc/squid/per_ip"
5- acl ldap-auth proxy_auth REQUIRED

6- http_access deny audiosp
7- http_access deny videosp
8- http_access deny emmepitre

9- http_access allow onlyforip
10- http_access allow ldap-auth accesso_esclusivo_ip_pc
11- http_access allow localhost
12- http_access deny all

Regarding the precedence of rule evaluation, when I open my browser, which rule does
Squid analyze?

I think rule 6, but how does Squid know whether the client has to use LDAP
authentication or whether to look in the file 'onlyforip' to grant Internet
access by IP address?
I think Squid first has to look at rules 9 and 10, so I think there is a
priority of rules which does not depend on the rule sequence?!

I'd like to resolve my doubt.
Received on Mon Nov 22 2010 - 12:00:46 MST
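
Added example (not part of the original post, and not Squid's own code): a small Python model of how http_access lines are evaluated, top to bottom with the first fully matching line deciding, applied to rules 6-12 above. Assumptions: the contents of 'per_ip' are constructed, rule 10 is reduced to ldap-auth because accesso_esclusivo_ip_pc is not defined in the posted config, and the request fields (src, url, ctype, user) are hypothetical names.

```python
import ipaddress
import re

# Constructed stand-in for /etc/squid/per_ip; the real file is not on the page.
PER_IP = [ipaddress.ip_network("192.0.2.0/28")]

# (rule number from the post, action, ACL names ANDed on that line).
# Assumption: rule 10 keeps only ldap-auth (its second ACL is undefined above).
RULES = [
    (6, "deny", ["audiosp"]),
    (7, "deny", ["videosp"]),
    (8, "deny", ["emmepitre"]),
    (9, "allow", ["onlyforip"]),
    (10, "allow", ["ldap-auth"]),
    (11, "allow", ["localhost"]),
    (12, "deny", ["all"]),
]

def acl_matches(name, req):
    """Return True/False, or "407" when credentials are required but absent."""
    src = ipaddress.ip_address(req["src"])
    if name == "audiosp":
        # rep_mime_type inspects the reply, which does not exist yet when
        # http_access runs, so this ACL cannot match here.
        return False
    if name == "videosp":
        return bool(re.search(r"^application/x-shockwave-flash$", req.get("ctype", ""), re.I))
    if name == "emmepitre":
        return bool(re.search(r"^http://.*\.mp3", req["url"]))
    if name == "onlyforip":
        return any(src in net for net in PER_IP)
    if name == "ldap-auth":
        # "user" is set only after a successful proxy authentication.
        return True if req.get("user") else "407"
    if name == "localhost":
        return src.is_loopback
    return name == "all"

def evaluate(req):
    """Walk the rules in file order; return (deciding rule number, outcome)."""
    for number, action, acls in RULES:
        for name in acls:
            result = acl_matches(name, req)
            if result is not True:
                break
        else:
            return number, action      # every ACL matched: first match wins
        if result == "407":
            return number, "407"       # proxy_auth reached without credentials
    return None, "deny"
```

In this model a client listed in 'per_ip' is decided at rule 9 and never reaches the proxy_auth ACL, while any other client gets as far as rule 10 and is challenged there.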
