On Fri, 11 Feb 2005, Oliver Hookins wrote:
This could be a problem. So any program that chooses not to authenticate, or for some reason cannot authenticate (for example, it's not built-in) will be denied access?
Yes, as Squid needs the username to evaluate the acl.
If we reversed the rules like this:
http_access allow SURFING http_access allow allowedsites mynetwork http_access allow AuthGroup mynetwork http_access deny all
that would force authentication for non-SURFING && non-allowedsites requests, right?
Right.
I'm just thinking of server programs that download stuff but don't authenticate (in which case we would put them in the SURFING acl).
Like most people do.
Regards Henrik
