http_access is read top->down, left->right, stopping at the first line
that matches. And processing cannot pass a proxy_auth ACL until a valid
(according to the backend) username+password is entered.
So yes, order is very important here.
In your configuration most likely only the first three lines are used,
assuming password is a proxy_auth ACL.
-- Henrik Nordstrom Squid hacker Mark Worsdall wrote: > > Hi, > > Can anyone explain the order/precedence of allow and deny. > > i.e. if I have denied a time 1st but after that have an allow time, > should not the allow overide the deny time? > > http_access deny deniedsites > http_access allow allowedsites > http_access allow password > http_access deny amTime > http_access deny pmTime > http_access deny weTime > http_access deny midTime > http_access allow structuredTime > http_access allow itclubTime > http_access allow resourceTime nunneym > http_access allow noporn all > http_access deny porn > http_access allow all > > -- > He came from Econet - Oh no, I've run out of underpants :( > Home:- jaydee@wizdom.org.uk http://www.wizdom.org.uk > Shadow:- webmaster@shadow.org.uk http://www.shadow.org.uk > Work:- netman@hinwick.demon.co.uk http://www.hinwick.demon.co.uk > Web site Monitoring:- http://www.shadow.org.uk/SiteSight/ > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Tue Oct 17 2000 - 22:23:46 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:46 MST