On Wed, 18 Oct 2000, Mark Worsdall wrote:
> acl password proxy_auth 300
===
> Basically when you were asked to authenticate but then 403 access denied
> would come up, so I altered the last rule to:-
>
> http_access allow all
>
> But then you always got through even if it cut down the okTime.
Sorry, I might be completely mistaken as I don't know the specifics
of your authentication module. However, following the whole thread
I wondered what this 300 stands for. AFAIK in this context it means:
authenticate all users, accept only those with username '300'.
I'm under the strong impression that you just want:
acl password proxy_auth REQUIRED
and let you http_access rules alone, they look ok now.
Ok, I'd say the 'http_access allow manager localhost'
and the 'all' in 'http_access allow all okTime password noporn'
can be removed. In the first case the following 'http_access allow
manager' contains localhost anyway and the 'all' in the second
is always true anyway.
######
http_access allow manager # Do you really want this?
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#acl aclname src
http_access deny deniedsites
http_access deny porn
http_access allow okTime password noporn
http_access deny all
#######
Michael.
-- Michael Weller: eowmob@exp-math.uni-essen.de, eowmob@ms.exp-math.uni-essen.de, or even mat42b@spi.power.uni-essen.de. If you encounter an eowmob account on any machine in the net, it's very likely it's me. -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Oct 19 2000 - 01:43:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:48 MST