On 31/05/11 22:22, Vipul Gupta wrote:
> Hello All,
>
> I am a newbie here. I am creating two ACLs, one for hosts and another
> with users. The config is given below:
>
> acl AuthUser proxy_auth REQUIRED
>
> acl allowedHost src "/etc/squid/guard/privileged/testRule-ip"
> acl allowedUser proxy_auth "/etc/squid/guard/privileged/testRule-user"
> acl max_con maxconn 50
> http_access deny allowedHost allowedUser max_con
> deny_info ERR_TOOMANY_CONN allowedHost allowedUser max_con

deny_info takes *one* name for the ACL whose deny match will display it.

> http_reply_access allow allowedHost allowedUser
> http_access allow allowedHost allowedUser

Those two lines do the same thing. You do not need to check the reply if
the request is already validated the same.

>
> http_access allow AuthRequred
> http_reply_access allow all
> http_access deny all
>
>
>
> The values of the ACLs are:
> allowedHost: 10.10.100.10, 10.10.100.20
> allowedUser: test1, test2
>
> Everything else is blocked. The problem is I want only allowedUser to
> access the internet from allowedHost, but I am able to access the internet
> from other hosts also using the same user names.

Due to "http_access allow AuthRequred" - anyone who can log in is allowed.

Use this:

deny_info ERR_TOOMANY_CONN max_con
http_access deny !allowedHost
http_access deny max_con
http_access deny !AuthRequred
http_access allow allowedUser
http_access deny all

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2

Received on Tue May 31 2011 - 14:39:52 MDT
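
Added example, not part of the original thread and not Squid code: a simplified Python model of top-down, first-match http_access evaluation, run over the rule set from the question and the one from the reply. The request fields, the sample requests, and treating a missing login as a plain deny are assumptions; http_reply_access is not modelled.

```python
# Simplified model of http_access evaluation (added example, assumptions labelled).
# A rule is (action, [acl, ...]); "!" negates an ACL. Every ACL on a line must
# match (AND), and the first line that matches decides the request.

ALLOWED_HOSTS = {"10.10.100.10", "10.10.100.20"}  # allowedHost values from the post
ALLOWED_USERS = {"test1", "test2"}                # allowedUser values from the post

def acl_matches(name, req):
    """req is a constructed dict: src, user (None = no valid login), conns."""
    checks = {
        "allowedHost": req["src"] in ALLOWED_HOSTS,
        "allowedUser": req["user"] in ALLOWED_USERS,
        "AuthRequred": req["user"] is not None,  # assumed: any valid login
        "max_con": req["conns"] > 50,            # acl max_con maxconn 50
        "all": True,
    }
    result = checks[name.lstrip("!")]
    return not result if name.startswith("!") else result

def http_access(rules, req):
    for action, acls in rules:
        if all(acl_matches(a, req) for a in acls):
            return action
    return "deny"  # not reached: both rule sets below end with "deny all"

ORIGINAL = [  # http_access lines from the question, in order
    ("deny", ["allowedHost", "allowedUser", "max_con"]),
    ("allow", ["allowedHost", "allowedUser"]),
    ("allow", ["AuthRequred"]),
    ("deny", ["all"]),
]
CORRECTED = [  # http_access lines from the reply, in order
    ("deny", ["!allowedHost"]),
    ("deny", ["max_con"]),
    ("deny", ["!AuthRequred"]),
    ("allow", ["allowedUser"]),
    ("deny", ["all"]),
]

# Constructed sample requests (10.10.100.99 is a host outside the allowed list).
SAMPLES = {
    "listed user, unlisted host": {"src": "10.10.100.99", "user": "test1", "conns": 1},
    "listed user, listed host": {"src": "10.10.100.10", "user": "test1", "conns": 1},
    "unlisted user, listed host": {"src": "10.10.100.10", "user": "guest", "conns": 1},
    "listed user, 60 connections": {"src": "10.10.100.20", "user": "test2", "conns": 60},
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:30} original={http_access(ORIGINAL, req):5} "
              f"corrected={http_access(CORRECTED, req)}")
```
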