Re: Proxy Authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 08 May 2000 08:24:48 +0200

Jonathan Fortin wrote:

> authenticate_program /usr/local/bin/ncsa_auth /etc/squid/passwd
> acl all src 0.0.0.0/0.0.0.0
> acl office src 10.0.0.0/24
> acl proxy_users proxy_auth REQUIRED
> http_access allow office
> http_access allow proxy_users
> http_access deny all
>
> and it doesnt prompt me for password......

It will, if you access it outside the 10.0.0.0/24 network.

The logic for http_access (and other similar Squid directives) is:

ALLOW/DENY IF a AND b AND c AND ...
ELSE
ALLOW/DENY IF a AND b AND c AND ...
ELSE
...

The configuration you have made says

ALLOW IF source address is 10.0.0.0/24
ELSE
ALLOW authenticated users
ELSE
DENY everyone

You probably want

http_access allow office proxy_users
http_access deny all

or

http_access deny !office
http_access allow proxy_users

--
Henrik Nordstrom
Squid hacker
Received on Mon May 08 2000 - 00:44:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:24 MST