Re: [squid-users] Rules problem

From: Carlo Filippetto <>
Date: Tue, 10 Jul 2012 11:37:23 +0200

2012/7/10 Amos Jeffries <>:
> On 10/07/2012 8:22 p.m., Carlo Filippetto wrote:
>> Hi all,
>> I need to create a rules where some users, logged in with ntlm, must
>> be restrictet only in few sites.
>> I tried something as:
>> acl RESTRICTED_USER proxy_auth "/etc/squid/restricted_user.allow"
>> acl RESTRICTED_WEB dstdomain "/etc/squid/"
>> http_reply_access allow RESTRICTED_WEB RESTRICTED_USER
>> http_reply_access deny all RESTRICTED_USER
> The magic ACL "all" only means something when its on the end (right hand
> side) of the line.
> By placing "all" on the end of a line containing authentication ACLs you
> prevent login challenge from being done by *that* line.
> Also note that by doing these restructions on *reply* access, it means the
> user/clients details have already been sent to the remote website for
> processing. Only the remote websites reponse is blocked from delivery to the
> client. NTLM could be doing some very strange thinsg with its multiple
> requests.
> There is no reason why these rules cannot be done in http_access where it
> is safer and NTLM cannot have such dangerous side effects. I suggest moving
> them and seeing what improves.

I tried to use http_access but in this case on every page I tried to
access out of the restriscted ones I receive an authentication
request, and it isn't a good thing

Now I remove the 'all' from the second "http_reply_access" line and
seems works fine.

Thank's for the explanation on the use of "http_reply_access", but I
don't know another command that block the sites and don't asks for

>> It work, but other user seems are affected with continuos
>> authentication request.
> By "user" what do you mean other already logged in *users*? or non-login
> *clients*?
> Amos

First of all I authenticate all the users, only a list of these users
can't serf on the web but is limited as above.


Received on Tue Jul 10 2012 - 09:37:52 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 10 2012 - 12:00:02 MDT