I'm having a hard time composing acls that work. I'm hoping someone can
help. Thanks for the previous tips, I am a little further. :-)
I set up smb_auth to track connections by user name. That works very well.
squid prompts for a username and password.
The problem is, that I can configure an external browser outside of the
network to use the proxy and I get a username and password prompt there as
well.
I'm trying to figure out how to only have authentication be available to
users inside my network.
Here are the acls I have now:
acl domainusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mynetwork src 192.168.0.0/24
acl workmachine src 207.xxx.xxx.xxx
http_access allow localhost
http_access allow mynetwork
http_access allow domainusers !workmachine
#http_access allow workmachine
http_access deny all
So with the above ruleset I can access the authentication prompt from every
outside IP except my workstation which is outside of the network. :-)
Is there any acl that I could put in that would mention the "outside
network" and then make a line like this:
http_access allow domainusers !outsidenetwork
I thought I could add more restrictions to the group domainusers but these
lines didn't take when I tried to restart squid:
acl domainusers src 192.168.0.0/24 #local network
acl domainusers src 207.xxx.xxx.xxx #my work machine, external to the
network
I know I could block external requests to port 3128 but I'd like to be able
to figure it out from within squid.
Thanks all!
Bob
Received on Fri Jan 24 2003 - 11:32:25 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:50 MST