Re: proposing auth acl change..

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 13 Feb 2003 03:13:56 +0100

Fully agree.

Regards
Henrik

Robert Collins wrote:
>
> Currently auth acl's in accelerator setups (ie:
>
> acl foo proxy_auth foo bar
> ..
> http_access allow foo
> http_access deny !foo restrictedip
> ...
> )
>
> when AUTH_ON_ACCELERATION is not defined force an access line match
> failure.
>
> i.e. the second http_access line above *fails* to match even though foo
> is not authenticated, and thus could be reasonably expected to match
> that line.
>
> I propose we change the auth matching code to be a) more consistent with
> other acl code, and thus more predictable, by allowing the second line
> above to match. We'd still dump verbose messages to the cache.log though
> :}.
>
> Thoughts? Objections?
>
> Rob
>
> --
> GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
>
> ------------------------------------------------------------------------
> Name: signature.asc
> signature.asc Type: application/pgp-signature
> Description: This is a digitally signed message part
Received on Wed Feb 12 2003 - 19:26:53 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:15 MST