Brian J. Murrell wrote:
I'm trying to set up rules that limit particular people to particular
time windows of use. So I have this:
acl brian proxy_auth brian
acl alice proxy_auth alice
acl wkday-22-12 time MTWTF 22:00-23:59
acl wkday-12-15 time MTWTF 00:00-15:00
acl no_auth_sites foo.bar.com domain.org
and then have some http_access rules:
http_access deny alice wkday-12-15
http_access deny alice wkday-22-12
http_access allow no_auth_sites
But it seems that I am getting a 407 trying to access foo.bar.com. If I
move the "http_access allow no_auth_sites" before the lines for alice,
I'm not required to authenticate.
This does make sense I guess, since it wants to see if I am alice to
decide if I should be prohibited.
So I guess the question is, how can I write a set of rules that:
* allow access to some sites without authentication[1]
* prohibit access to everything if a particular user is trying to
access outside of allowed times and
* require proxy authentication for everything else
Moving the "no_auth_sites" rules above the "alice" rules is not an
option because that would violate the second requirement.
Upon review of my three points, it doesn't seem possible, but I wonder
if I am missing something.
So you want to allow access to a site without requiring authentication,
except if it's a certain person? That would be quite the impressive
feat. Authentication by clairvoyance... :o)
Thanx,
b.
[1] i.e. for computer maintenance -- where computers don't have accounts
for proxy access -- or worse, applications that don't support proxy
authentication)
Chris
