[squid-users] proxy_auth authentication exemption problem

From: Kenneth Oncinian <kenneth.oncinian@dont-contact.us>
Date: Thu, 07 Jul 2005 10:56:55 +0800

Hi list,

I have a simple user based authentication using ncsa_auth, and the same
time excluding authentication for some users using src IP address.
This works fine. until i have a requirement which needs to ban some
websites but not from some authenticated users.

so my previous squid.conf is like this, and this works on the exemption
of the user1, user2, and user3 from authenticating while prompting for
others:
---------------------------------------------------------
acl banned dstdomain "/usr/local/etc/squid/banned.txt"

auth_param basic program /usr/local/libexec/ncsa_auth
/usr/local/etc/squid/htpasswd
auth_param basic children 50
auth_param basic realm my domain
auth_param basic credentialsttl 2 hours

#acl of excempted IPs from authenticating using ncsa_auth
acl user1 src 192.168.1.1/255.255.255.255
acl user2 src 192.168.1.2/255.255.255.255
acl user3 src 192.168.1.3/255.255.255.255
acl password proxy_auth REQUIRED

http_access allow user1
http_access allow user2
http_access allow user3

http_access deny banned
never_direct allow all
never_direct allow password
------------------------------------

But when I tried to change the squid.conf to:
------------------------------------
acl banned dstdomain "/usr/local/etc/squid/banned.txt"

auth_param basic program /usr/local/libexec/ncsa_auth
/usr/local/etc/squid/htpasswd
auth_param basic children 50
auth_param basic realm my domain
auth_param basic credentialsttl 2 hours

#acl of excempted IPs from authenticating using ncsa_auth
acl user1 src 192.168.1.1/255.255.255.255
acl user2 src 192.168.1.2/255.255.255.255
acl user3 src 192.168.1.3/255.255.255.255
acl user4 proxy_auth username4 <--
acl user5 proxy_auth username5 <--
acl password proxy_auth REQUIRED

http_access allow user1
http_access allow user2
http_access allow user3

http_access allow user4 banned <--
http_access allow user5 banned <--
http_access deny banned
never_direct allow all
never_direct allow password
-------------------------------------

All users are then prompted for authentication including user1, user2
and user3, there's no more exclusion in the ncsa_auth authentication.
Where did I go wrong? any hints or tip is greatly appreciated.

regards,
Kenneth
Received on Wed Jul 06 2005 - 20:57:07 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT