Re: [squid-users] ident_lookup_access

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 17 Dec 2001 15:24:37 +0100

ident_lookup_access controls the background ident lookup performed by Squid,
independently of access controls.

If http_access needs to evaluate a ident type ACL, then Squid will also make
sure an ident lookup has been performed on the connection, regardless of your
ident_lookup_access setting.

What you probably want is the default

ident_lookup_access deny all

and http_access masking the ident ACL check with a src ACL check.

http_access allow ident_aware_hosts ident_users

(to speed up the ident, you may want to ident_lookup_access allow
ident_aware_hosts)

Regards
Henrik Nordström

On Monday 17 December 2001 17.29, Weronicaain@yahoo.com wrote:

> acl ident_aware_hosts src 172.16.1.23/255.255.255.255
> ident_lookup_access allow ident_aware_hosts
> ident_lookup_access deny all
>
> The above rule does not work as expeced( IP 23 can surf and others can't)
>
> Should I set http_acces rules along with ....

-- 
MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Mon Dec 17 2001 - 07:24:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:22 MST