RE: [squid-users] {Spam?} acl help please

> -----Original Message-----
> From: Carinus Carelse [mailto:carinus.carelse@xxxxxxxxx]
> Sent: Tuesday, May 10, 2005 9:33 PM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] {Spam?} acl help please
> 
> 
> I have a program that synchronises using the proxy. However, I keep
> getting this error message in the cache.log file.
> 
> 2005/05/11 08:25:51| The request CONNECT ip number:port  is DENIED,
> because it matched 'password'
> 
> How can I bypass the password acl I have and allow the CONNECT method
> just for the ipnumber:port?
> 
> Carinus
> 

A couple new ACLs like:

  acl specialAddress dst 1.2.3.4/32
  acl specialPort port 5678

Then (assuming that your proxy authentication acl is named "password")
change your proxy auth line to

  http_access deny !password !CONNECT !specialAddress !specialPort

This should block any non-authenticated request to anywhere but 1.2.3.4:5678
without opening your proxy to allow just ANYONE to surf to that IP
address:port.

Otherwise, if this program is run from one specific computer, you could use
a src acl like:

  acl specialClient src 4.3.2.1/32
  acl specialAddress dst 1.2.3.4/32
  acl specialPort port 5678

Then above the http_access deny !password control, a line like:

  http_access allow specialClient CONNECT specialAddress specialPort

will allow that computer to CONNECT to that ip and port without
authentication, but will require any other computer to authenticate to reach
it.

Chris
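
Added example (not part of the message above, and not Squid code): a small Python model of how an `http_access` list is evaluated, with every ACL on a line having to match and the first matching line deciding. It is applied to the src-based rule pair from the reply, in both orders. Assumptions: the request dictionary and its field names are hypothetical, `password` is reduced to a boolean, `dst` is an already-resolved IP, and `None` stands for "no rule shown here matched".

```python
import ipaddress

# ACL definitions copied from the reply; the addresses are its placeholders.
ACLS = {
    "specialClient":  ("src", "4.3.2.1/32"),
    "specialAddress": ("dst", "1.2.3.4/32"),
    "specialPort":    ("port", "5678"),
    "CONNECT":        ("method", "CONNECT"),
    "password":       ("auth", None),  # simplified: True once credentials were accepted
}

def acl_matches(name, req):
    """Evaluate one ACL reference, honouring a leading '!' negation."""
    negate = name.startswith("!")
    kind, value = ACLS[name.lstrip("!")]
    if kind in ("src", "dst"):
        hit = ipaddress.ip_address(req[kind]) in ipaddress.ip_network(value)
    elif kind == "port":
        hit = req["port"] == int(value)
    elif kind == "method":
        hit = req["method"] == value
    else:
        hit = req["authenticated"]
    return hit != negate

def http_access(rules, req):
    """First rule whose ACLs ALL match decides; None if no rule here matched."""
    for action, *names in (line.split() for line in rules):
        if all(acl_matches(n, req) for n in names):
            return action
    return None

# Order recommended in the reply: the narrow allow sits above the auth deny.
ALLOW_FIRST = ["allow specialClient CONNECT specialAddress specialPort",
               "deny !password"]
# Same two lines reversed: the deny is reached first.
DENY_FIRST = list(reversed(ALLOW_FIRST))

def request(src, dst, port, method="CONNECT", authenticated=False):
    """Build a constructed (hypothetical) request record."""
    return {"src": src, "dst": dst, "port": port,
            "method": method, "authenticated": authenticated}

SYNC = request("4.3.2.1", "1.2.3.4", 5678)  # the unauthenticated sync client

if __name__ == "__main__":
    for label, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(label, "->", http_access(rules, SYNC))
```

With the deny line first, the unauthenticated sync request is rejected by `password` before the exception is ever reached, which is the denial reported in the quoted cache.log entry.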
