Re: [squid-users] question on external_acl_type

From: Norio Korekawa <[email protected]>
Date: Wed, 02 Feb 2005 12:28:54 +0900 (JST)

Hello again Henrik

Thank you for your answer. My understanding of "deny_info" (with
relation to "http_access deny") was just insufficient...

It might look a little redundant, but according to Scott's advice
I guess an appropriate squid.conf would be as follows:

--- my squid.conf --
deny_info ERR_USER_AUTH_FAILED user_auth_acl
deny_info ERR_MYACL_FAILED myacl

http_access allow user_auth_acl myacl
http_access deny !user_auth_acl
http_access deny !myacl
http_access deny all
--- my squid.conf --

Thanks again.
Regards,
Norio

> > In case 1. below, squid shows ERR_USER_AUTH_FAILED for user_auth_acl,
> > however it shows not ERR_MYACL_FAILED but just ERR_ACCESS_DENIED for myacl...
>
> This is because you never deny requests by "myacl". Only "user_auth_acl"
> (by not being authenticated yet) or the "all" acl when falling thru to the
> "deny all" line.
>
> deny_info works by the acl which was active then the request was denied,
> which makes it match two kinds of acls:
>
> a) The last acl on an http_access deny line
>
> b) An authentication related acl when the user is not yet authenticated as
> this implicitly denies access to request the user to log in.
>
> Regards
> Henrik
Received on Tue Feb 01 2005 - 20:29:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST