Re: [squid-users] simple acl question

From: Henrik Nordstrom <[email protected]>
Date: Thu, 3 Nov 2005 23:40:52 +0100 (CET)

On Thu, 3 Nov 2005, Derrick MacPherson wrote:

> I have:
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow AuthorizedUsers
>
> If I want to no authorization requested from the allowed_hosts but they
> can still access, can it be done with something like:
>
> acl allowed_hosts src "/root/allowed_hosts"
> http_access allow allowed_hosts
> acl AuthorizedUsers proxy_auth REQUIRED !allowed_hosts
> http_access allow AuthorizedUsers

Almost, only that the !allowed_hosts should be on the http_access line,
not the acl line..

also it's actually redundant. The http_access line above takes care of all
allowed_hosts. No allowed_hosts will be seen by Squid below that line. But
it's good to limit access to your networks only

I would use something along the following lines:

# Allow allowed_hosts without authentication
acl allowed_hosts src "/root/allowed_hosts"
http_access allow allowed_hosts

# The rest of our network requires authentication
acl AuthorizedUsers proxy_auth REQUIRED
acl my_networks src "/root/my_networks"
http_access allow my_networks AuthorizedUsers

# And finally deny all else
http_access deny all

Regards
Henrik
Received on Thu Nov 03 2005 - 15:40:59 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST