Search squid archive

RE: Squid ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----Original Message-----
From: squid3@xxxxxxxxxxxxx [mailto:squid3@xxxxxxxxxxxxx] 
Sent: 06 July 2007 00:22
>To: Christian Vallant
>Cc: squid-users@xxxxxxxxxxxxxxx
>Subject: Re:  Squid ACL
>
>> Hello,
>>
>> i need to solve following problem.
>> I have an ldap-server, which i use to authenticate the user.
>> If the user is in the group, he has access to the group A. If the
>> authentications fails, he has access to the group B.
>>
>> Can anyone tell me, how i can solve this problem.
>>
>> I have already have an authentication, but the problem is, that if the
>> user tries to authenticate, but he has no rights, the
>> authentication-window
>> comes again and again. But the user has to be in the group
>> to_domains_without_auth and the other domains should be blocked.
>>
>> So, the relevant code looks like:
>>
>> auth_param basic program /etc/squid/ldapauth.pl
>> acl for_inetusers proxy_auth REQUIRED
>>
>> acl to_domains_without_auth dstdomain
>> "/var/ipcop/proxy/advanced/acls/dst_noauth
>>                  .acl"
>>
>>
>> Can anyone help me?
>>
>
>Check the order of http_access * lines in your squid.conf.
>They are processed in order, and for_inetusers needs to be preceeded by
>any ACL that allow people through without Auth.
>
>For example:
>
>http_access allow anybody_without_auth
>http_access allow for_inetusers
>http_access deny all
>
>Amos

Remember for rules to work effectively, at least one of them has to be true.
I suspect this is why your authentication window keeps popping up. For
example if someone isn't in the inetusers group, the result of the line
http_access allow for_inetusers will be false and it will move on to the
next line.  You need the users to match a deny rule to stop the request
being processed and output a squid error page to the user.  The deny all
rule should suffice.

Hope this makes sense.



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux