Hi
We've got problems with proxy_auth..
We're trying to limit ftp access. First we've defined a acl for the ftp
protocol(ftpget) and a user-list (ftp_drop).
The ftp_drop user-list contains one line (t820423). This user exists
also in the default list all_pass. If we try to access a ftp-site it
blocks it successfully. Now we change the entry in the ftp_drop file to
something else.
But squid still denies the ftp-requests...
Any help greatly appreciated.
by the way.. whats the difference between the acl type proxy_auth and
ident?
Cheers
Pascal
Here are the config and the debug output from the cache.log
squid.conf:
authenticate_program /opt/squid/bin/ncsa_auth /opt/squid/etc/dump
acl all_pass proxy_auth REQUIRED
acl ftp_drop proxy_auth "/opt/squid/etc/test"
acl ftpget proto FTP
http_access deny ftpget ftp_drop
http_access allow all_pass
cache.log:
1999/03/10 17:46:41| aclCheck: checking 'http_access deny ftpget
ftp_drop'
1999/03/10 17:46:41| aclMatchAclList: checking ftpget
1999/03/10 17:46:41| aclMatchAcl: checking 'acl ftpget proto FTP'
1999/03/10 17:46:41| aclMatchAclList: checking ftp_drop
1999/03/10 17:46:41| aclMatchAcl: checking 'acl ftp_drop proxy_auth
"/opt/squid/etc/test"'
1999/03/10 17:46:41| aclMatchProxyAuth: checking user 't820423'
1999/03/10 17:46:41| aclMatchProxyAuth: user 't820423' validated OK
1999/03/10 17:46:41| aclMatchAclList: returning 1
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:12 MST