On 06.09.2012 02:41, Sean Boran wrote:
> On my internal network, no user authenication is currently used, so
> the acl
> is like
> acl our_networks src "/etc/squid/our_networks.list"
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
>
> Now I'd like to force authentication only from one IP 10.90.195.47s
> and
> tried:
> auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth
> /etc/squid/passwd
>
> acl password proxy_auth REQUIRED
> acl client1 src 10.90.195.47/32
>
> add addin the following before "http_access allow our_networks":
> http_access allow password src client1
> but that https_acces line is wrong it kill squid :-)
"src" is not a defined ACL *name*.
Order is important too. The ACL are tested left to right, first
mis-match stops the line processing ("a AND b AND c" conditional
behaviour).
eg: http_access allow client1 password
Placing the IP test before authentication makes the auth ACL test be
skipped for IPs not matching that subnet.
Amos
Received on Wed Sep 05 2012 - 23:31:41 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 06 2012 - 12:00:02 MDT