JORDAN.HRYCAJ@lhsystems.com wrote:
>
> Hi,
> as I see, the problem with the "proxy_auth <username> ..."
> acl type occurs, when you apply it to "cache_peer_access".
> Consider a client connecting to squid without an
> authentication header.
Yes. To use proxy_auth ACL for cache_peer_access you must
first use it in a http_access check.
The cache_peer_access check is done at a place in Squid where
it is beleived that all information about the request is known.
> Maybe I am wrong or there is another way to specify the acl
> type I consider. Any idea?
Construct you ACL rules in such a way that cache_peer_access does not
rely on a proxy_auth ACL, unless http_access does it as well.
# Some sites are completely free with or without authentication
# (i.e. local sites)
acl free_access dst 1.2.3.0/255.255.255.0
http_access allow free_access
# All other sites requires proxy authentication
acl all_users proxy_auth REQUIRED
http_access deny !all_users
or
http_access allow all_users
# Only VIP users are allowed to fetch objects from peer1
cache_peer_access deny !vip_users
--- Henrik Nordstrom Spare time Squid hackerReceived on Mon Nov 16 1998 - 16:28:23 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:06 MST