RE: [squid-users] http_access and proxy_auth

From: Steve Wilson Jr <[email protected]>
Date: Fri, 3 Nov 2006 10:11:08 -0500

Try
http_access deny !my_auth

-----Original Message-----
From: Colin Campbell [mailto:sgcccdc@citec.qld.gov.au]
Sent: Thursday, November 02, 2006 11:18 PM
To: squid-users@squid-cache.org
Subject: [squid-users] http_access and proxy_auth

Hi,

I should know this but reading FAQ and things is just confusing me.

If we have:

acl authenticated proxy_auth REQUIRED

When would any http_access lines even get used if they appear after
something like:

http-access permit authenticated

I ask because my understanding is that anyone who has authenticated
would match this line and never go past it. If I'm not stupid and that
is in fact the case, then is the following, from
http://workaround.org/moin/HowSquidAclsWork, incorrect?

-----------------------------------------------------------------------
acl my_auth proxy_auth REQUIRED
acl google dstdomain .google.com
http_access allow my_auth
http_access deny google my_auth
http_access deny all

In this case if the user requests www.google.com then the second
http_access line matches and triggers re-authentication. Remember: it's
always the last ACL on a http_access line that "matches".
-----------------------------------------------------------------------

If the user has authenticated, when would the second or indeed the third
http_access line ever be reached?

Colin

-- 
Colin Campbell
Unix Support/Postmaster/Hostmaster
Citec
+61 7 3227 6334
Received on Fri Nov 03 2006 - 08:11:18 MST

This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST