Re: [squid-users] question on external_acl_type

From: Henrik Nordstrom <[email protected]>
Date: Tue, 1 Feb 2005 23:12:51 +0100 (CET)

On Tue, 1 Feb 2005, Norio Korekawa wrote:

> Sorry, but just one more comment.
>
> Well, I just want to use different ERR_ pages for user_auth_acl and
> myacl by deny_info, say, ERR_USER_AUTH_FAILED for user_auth_acl and
> ERR_MYACL_FAILED for myacl.

Then just do so ;-)

> In case 1. below, squid shows ERR_USER_AUTH_FAILED for user_auth_acl,
> however it shows not ERR_MYACL_FAILED but just ERR_ACCESS_DENIED for myacl...

This is because you never deny requests by "myacl". Only "user_auth_acl"
(by not being authenticated yet) or the "all" acl when falling thru to the
"deny all" line.

deny_info works by the acl which was active then the request was denied,
which makes it match two kinds of acls:

a) The last acl on an http_access deny line

b) An authentication related acl when the user is not yet authenticated as
this implicitly denies access to request the user to log in.

Regards
Henrik
Received on Tue Feb 01 2005 - 15:12:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST