authorization

From: pascal tscharner <pascal.tscharner@dont-contact.us>
Date: Wed, 10 Mar 1999 18:22:56 +0100

Hi

We've got problems with proxy_auth..
We're trying to limit ftp access. First we've defined a acl for the ftp
protocol(ftpget) and a user-list (ftp_drop).
The ftp_drop user-list contains one line (t820423). This user exists
also in the default list all_pass. If we try to access a ftp-site it
blocks it successfully. Now we change the entry in the ftp_drop file to
something else.
But squid still denies the ftp-requests...
Any help greatly appreciated.
by the way.. whats the difference between the acl type proxy_auth and
ident?

Cheers

Pascal

Here are the config and the debug output from the cache.log

squid.conf:

authenticate_program /opt/squid/bin/ncsa_auth /opt/squid/etc/dump
acl all_pass proxy_auth REQUIRED
acl ftp_drop proxy_auth "/opt/squid/etc/test"
acl ftpget proto FTP
http_access deny ftpget ftp_drop
http_access allow all_pass

cache.log:
1999/03/10 17:46:41| aclCheck: checking 'http_access deny ftpget
ftp_drop'
1999/03/10 17:46:41| aclMatchAclList: checking ftpget
1999/03/10 17:46:41| aclMatchAcl: checking 'acl ftpget proto FTP'
1999/03/10 17:46:41| aclMatchAclList: checking ftp_drop
1999/03/10 17:46:41| aclMatchAcl: checking 'acl ftp_drop proxy_auth
"/opt/squid/etc/test"'
1999/03/10 17:46:41| aclMatchProxyAuth: checking user 't820423'
1999/03/10 17:46:41| aclMatchProxyAuth: user 't820423' validated OK
1999/03/10 17:46:41| aclMatchAclList: returning 1

Received on Wed Mar 10 1999 - 10:29:58 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:12 MST