On Thu, 4 Mar 1999 14:12:21 +0100 Per.E.Berger@telia.se wrote:
> Hi gang!
>
> I have searched for this one and cannot find it... However I am sure
> the answer is somewhere out there but as my brain is a bit fried at the
> moment because of too much work I thought I'd ask you all with your
> minds still intact... :-)
>
> I have installed ncsa_auth. I want to use it to force users from a
> specific subnet to provide user/pass but no one else should need to.
>
> How do I write the ACL:s? I have ncsa_auth up and running...
acl authnet src 192.168.1.0/255.255.255.0
acl noauthnet src 192.168.0.0/255.255.0.0
acl passwdauth proxy_auth REQUIRED
http_access allow authnet passwdauth
http_access allow noauthnet
http_access deny all
The first allows access if the client is on 'authnet' and the
'passwdauth' password checking rule is OK.
The second allows access if the client is anywhere on the more general
'noauthnet', without password checking.
(I presume squid denies access if the password bit fails in the first
rule? And won't proceed on to allow it at the second rule? If not, I
guess you have to stick a rule in between 1 and 2 called 'http_access
deny authnet'.)
- Bob
----------------------------------------------------------------------------
The Day Today ... because FACT times IMPORTANCE equals NEWS!
----------------------------------------------------------------------------
Bob "Mince" Franklin ~{], CNE ;), MCSE ;) Tel. (0118) 931 8432
Systems and Communications Fax. (0118) 975 3094
IT Services R.C.Franklin@reading.ac.uk
University of Reading, U.K. http://www.reading.ac.uk/~suq96rcf/
----------------------------------------------------------------------------
Received on Thu Mar 04 1999 - 08:37:53 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:08 MST