fre 2006-11-03 klockan 08:06 +0100 skrev Mark Elsen: > > ----------------------------------------------------------------------- > > acl my_auth proxy_auth REQUIRED > > acl google dstdomain .google.com > > http_access allow my_auth > > http_access deny google my_auth > > http_access deny all > > > > In this case if the user requests www.google.com then the second > > http_access line matches and triggers re-authentication. Remember: it's > > always the last ACL on a http_access line that "matches". > > ----------------------------------------------------------------------- > > No, it's the first ACL on a http_access line that matches, > in your case, the 2 last ones will never be reached. The section is talking about deny_info and text is correct but the config example broken for the reasons mentioned.. For deny_info it's the last acl on the http_access deny line that matches. In http_access it's the first http_access line matching the request that tell if the request is allowed or denied. The rest of the http_access lines is never reached. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
