Re: [SQU] auth problems

From: Olano, Kenny Kris <Olano_Kenny@dont-contact.us>
Date: Thu, 8 Mar 2001 08:51:08 -0500

So would this be correct if i wanted the user proxyUSER to be only
allowed to go to *.colstate.edu and to *.ebsco.com??
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

acl proxyUSER proxy_auth REQUIRED
acl ebsco dstdomain .ebsco.com
acl colstate dstdomain .colstate.edu
acl BAD dst 0.0.0.0/0.0.0.0

http_access allow proxyUSER

http_access allow proxyUSER ebsco colstate
http_access deny proxyUSER BAD
> Date: Thu, 8 Mar 2001 10:36:55 +1000 (EST)
> From: Colin Campbell <sgcccdc@citec.qld.gov.au>
> To: "Olano, Kenny Kris" <Olano_Kenny@colstate.edu>
> Cc: <squid-users@ircache.net>
> Subject: Re: [SQU] auth problems

> Hi,
>
> This is a FAQ. The order of the application of ACLs is important. Squid
> behaves as follows:
>
> http_access acl AND acl AND ...
> or
> http_access acl AND acl AND ...
> or
> http_access acl AND acl AND ...
> ...
>
> It also stops at the first match.
>
> So, from your list, only the first three http_access lines ever will be
> used. If someone is going to ebsco, they pass else if they're going to
> colstate they pass else they go nowhere because the "http_access deny BAD"
> catches all other destinations. No further http_access lines will be
> checked.
>
> Colin
>
> On Wed, 7 Mar 2001, Olano, Kenny Kris wrote:
>
> > I am having problems trying to get the password box to popup in the
> > client's browser but no password box comes up. Here is my code
> > Please tell me if i am doing something wrong.
> >
> >
> > acl ebsco dstdomain .ebsco.com
> > acl colstate dstdomain .colstate.edu
> > acl BAD dst 0.0.0.0/0.0.0.0
> >
> > http_access allow ebsco
> > http_access allow colstate
> > http_access deny BAD
> >
> > http_access allow localhost
> > acl proxyUSER proxy_auth REQUIRED
> >
> >
> > http_access allow proxyUSER
> > http_access deny all
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Mar 08 2001 - 13:59:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:34 MST