RE: [squid-users] Problem with auth_param + delay_pools

From: Chris Robertson <[email protected]>
Date: Wed, 12 Oct 2005 15:35:12 -0800

> -----Original Message-----
> From: Phillip Geiger [mailto:phillip.geiger@gmail.com]
> Sent: Tuesday, October 11, 2005 11:13 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Problem with auth_param + delay_pools
>
>
> Hello all,
>

Cut description of problem...

>
> Here's my squid.conf, which is mostly the default provided by my Linux
> firewall distribution (SmoothWall):
>
> ==============================
>

And bits of the squid.conf...

>
>
> auth_param basic program /usr/local/squid/bin/ncsa_auth
> /usr/local/squid/etc/squid_passwd
> auth_param basic children 5
> auth_param basic realm Firewall
> auth_param basic credentialsttl 2 hours
>
>
>
> acl users1 src 192.168.36.3-192.168.36.250/32
> acl users2 proxy_auth REQUIRED
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
>
>
> http_access allow localhost
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports

I would try changing this line...

> http_access allow users1 users2

...to...

http_access deny !users2 # Require authentication
http_access allow users1 # If you get here, you are authenticated.

> #http_access allow localnet
> http_access deny all
>
>
>
>
> ##############################################################
> ##################
> # delay_pools config
> ##############################################################
> ##################
>
> # define one class 2 pool
> delay_pools 1
> delay_class 1 2
>
> # users1 follows the rules of pool 1
> delay_access 1 allow users1
> delay_access 1 deny all
>
> # Everyone in users1 has access to the full bandwidth until
> # his 2 megabyte bucket is empty, then it refills at 4 kbyte/sec
> # 1 kbyte = 1024, 1 mb = 1048576
>
> #delay_parameters 1 -1/-1 8192/4194304
> delay_parameters 1 -1/-1 4096/2097152
>
> # everyone's bucket starts out full
> delay_initial_bucket_level 100
>
>
> refresh_pattern -i \.jpg$ 9000000 100% 9000009 override-expire
> refresh_pattern -i \.gif$ 9000000 100% 9000009 override-expire
> refresh_pattern -i \.png$ 9000000 100% 9000009 override-expire
> refresh_pattern -i \.exe$ 9000000 100% 9000009 override-expire
>
>
> redirect_program /usr/local/adzap/scripts/wrapzap
>

Chris
Received on Wed Oct 12 2005 - 17:35:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST