Re: [squid-users] per-acl error messages not working

From: Henrik Nordstrom <[email protected]>
Date: Mon, 30 Jul 2007 03:47:50 +0200

On ons, 2007-07-25 at 13:31 -0400, Michael W. Lucas wrote:

> If a user logs in from too many machines, or if he enters a wrong
> password, he gets the error message in ERR_NO_SHARING. I would expect
> a user who signs on too often to get ERR_NO_SHARING and a user who
> fails to authenticate to get the default ERR_CACHE_ACCESS_DENIED.
>
> Instead, all users get ERR_NO_SHARING. I would like to give the users
> a useful error message, but obviously I am missing something.

> #clients may only log in from one IP at a time.
> http_access deny noPwSharing

change the above to

http_access deny our_networks radius_auth noPwSharing

and the results will be what you expect, making unauthenticated users be
denied by the radius_auth acl, and authenticated users using too many IP
addresses denied by the noPwSharing ACL.

I also added the out_networks acl to deny probing of the user
passwords.. you probably want to do this on the no_auth_... lines as
well.

Regards
Henrik
Received on Sun Jul 29 2007 - 19:48:01 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:04 MDT