[squid-users] Re: Config Errors Cause Allowed Access

From: Adam Aube <[email protected]>
Date: Thu, 25 Nov 2004 21:33:47 -0500

Michael Bhola wrote:

> My question is regarding the behaviour of the acls when ident isn't
> recognised. In the config below, because adults isn't valid, it seems to
> just ignore that acl and allow based on homenet.

> Is it possible to change my configuration in some way so that any acl
> with an error is ignored completely or some other way of setting things
> up so that it fails safe ?

> http_access allow homenet adults
> http_access allow homenet children safe_domain
> http_access allow localhost
> http_access deny all

Change the above http_access lines so that the ident acls aren't combined
with anything else. Something like this should work:

http_access allow localhost
http_access deny !homenet
http_access allow adults
http_access deny !safe_domain
http_access allow children
http_access deny all

Adam
Received on Thu Nov 25 2004 - 19:33:53 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:02 MST