Hi list,
I have a simple user based authentication using ncsa_auth, and the same
time excluding authentication for some users using src IP address.
This works fine. until i have a requirement which needs to ban some
websites but not from some authenticated users.
so my previous squid.conf is like this, and this works on the exemption
of the user1, user2, and user3 from authenticating while prompting for
others:
---------------------------------------------------------
acl banned dstdomain "/usr/local/etc/squid/banned.txt"
auth_param basic program /usr/local/libexec/ncsa_auth
/usr/local/etc/squid/htpasswd
auth_param basic children 50
auth_param basic realm my domain
auth_param basic credentialsttl 2 hours
#acl of excempted IPs from authenticating using ncsa_auth
acl user1 src 192.168.1.1/255.255.255.255
acl user2 src 192.168.1.2/255.255.255.255
acl user3 src 192.168.1.3/255.255.255.255
acl password proxy_auth REQUIRED
http_access allow user1
http_access allow user2
http_access allow user3
http_access deny banned
never_direct allow all
never_direct allow password
------------------------------------
But when I tried to change the squid.conf to:
------------------------------------
acl banned dstdomain "/usr/local/etc/squid/banned.txt"
auth_param basic program /usr/local/libexec/ncsa_auth
/usr/local/etc/squid/htpasswd
auth_param basic children 50
auth_param basic realm my domain
auth_param basic credentialsttl 2 hours
#acl of excempted IPs from authenticating using ncsa_auth
acl user1 src 192.168.1.1/255.255.255.255
acl user2 src 192.168.1.2/255.255.255.255
acl user3 src 192.168.1.3/255.255.255.255
acl user4 proxy_auth username4 <--
acl user5 proxy_auth username5 <--
acl password proxy_auth REQUIRED
http_access allow user1
http_access allow user2
http_access allow user3
http_access allow user4 banned <--
http_access allow user5 banned <--
http_access deny banned
never_direct allow all
never_direct allow password
-------------------------------------
All users are then prompted for authentication including user1, user2
and user3, there's no more exclusion in the ncsa_auth authentication.
Where did I go wrong? any hints or tip is greatly appreciated.
regards,
Kenneth