Hi,
I should know this but reading FAQ and things is just confusing me.
If we have:
acl authenticated proxy_auth REQUIRED
When would any http_access lines even get used if they appear after
something like:
http-access permit authenticated
I ask because my understanding is that anyone who has authenticated
would match this line and never go past it. If I'm not stupid and that
is in fact the case, then is the following, from
http://workaround.org/moin/HowSquidAclsWork, incorrect?
-----------------------------------------------------------------------
acl my_auth proxy_auth REQUIRED
acl google dstdomain .google.com
http_access allow my_auth
http_access deny google my_auth
http_access deny all
In this case if the user requests www.google.com then the second
http_access line matches and triggers re-authentication. Remember: it's
always the last ACL on a http_access line that "matches".
-----------------------------------------------------------------------
No, it's the first ACL on a http_access line that matches,
in your case, the 2 last ones will never be reached.
If the user has authenticated, when would the second or indeed the third
http_access line ever be reached?
I think the answer is never, I guess, in your case I guess you would need :
http_access allow my_auth !google
M.
