Hi,

I should know this but reading FAQ and things is just confusing me.

If we have:

    acl authenticated proxy_auth REQUIRED

When would any http_access lines even get used if they appear after something like:

    http-access permit authenticated

I ask because my understanding is that anyone who has authenticated would match this line and never go past it.

If I'm not stupid and that is in fact the case, then is the following, from http://workaround.org/moin/HowSquidAclsWork, incorrect?

-----------------------------------------------------------------------
acl my_auth proxy_auth REQUIRED
acl google dstdomain .google.com
http_access allow my_auth
http_access deny google my_auth
http_access deny all

In this case if the user requests www.google.com then the second http_access line matches and triggers re-authentication. Remember: it's always the last ACL on a http_access line that "matches".
-----------------------------------------------------------------------

If the user has authenticated, when would the second or indeed the third http_access line ever be reached?

Colin

--
Colin Campbell
Unix Support/Postmaster/Hostmaster
Citec
+61 7 3227 6334
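The rule-ordering question above, as an added example that is not part of the original post and is not Squid's own code: a simplified Python model of first-match `http_access` evaluation, run over the rule order quoted in the post and over a constructed variant with the deny line moved first. The `REORDERED` list, the user `alice`, the host `example.org`, all function names and the "challenge" outcome for missing credentials are assumptions made for the illustration.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumptions: lines are checked top to bottom, the ACLs on a line are tested
# left to right and must all match, and the first matching line decides.
ACLS = {
    "my_auth": ("proxy_auth", "REQUIRED"),
    "google": ("dstdomain", ".google.com"),
    "all": ("all", None),
}
# Rule order exactly as quoted in the post.
PAGE_ORDER = [("allow", ["my_auth"]), ("deny", ["google", "my_auth"]), ("deny", ["all"])]
# Constructed variant: same lines, with the more specific deny moved first.
REORDERED = [("deny", ["google", "my_auth"]), ("allow", ["my_auth"]), ("deny", ["all"])]
# Constructed sample requests from a user who has already logged in.
AUTHENTICATED = [
    {"user": "alice", "host": "www.google.com"},
    {"user": "alice", "host": "example.org"},
]

def acl_matches(kind, value, request):
    if kind == "all":
        return True
    if kind == "proxy_auth":            # REQUIRED: any valid login matches
        return request.get("user") is not None
    if kind == "dstdomain":
        host = request["host"]
        if value.startswith("."):       # leading dot: the domain and its subdomains
            return host == value[1:] or host.endswith(value)
        return host == value
    raise ValueError(f"unsupported ACL type: {kind}")

def evaluate(rules, request, acls=ACLS):
    """Return (decision, 1-based line number) for the line that decides."""
    for number, (action, names) in enumerate(rules, start=1):
        for name in names:
            kind, value = acls[name]
            if kind == "proxy_auth" and request.get("user") is None:
                return "challenge", number   # no credentials yet: login is requested
            if not acl_matches(kind, value, request):
                break                        # this line does not apply; try the next
        else:
            return action, number
    return "deny", None                      # simplification: no match means deny

def deciding_lines(rules, requests):
    """Line numbers that decide at least one of the given requests."""
    return sorted({evaluate(rules, r)[1] for r in requests} - {None})

if __name__ == "__main__":
    for label, rules in (("page order", PAGE_ORDER), ("reordered", REORDERED)):
        print(label, [evaluate(rules, r) for r in AUTHENTICATED], deciding_lines(rules, AUTHENTICATED))
```

In this model, with the order quoted in the post, only line 1 ever decides a request from a logged-in user; in the constructed variant the google deny decides first and the allow line handles everything else.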