Hi Ive been using IP's in acl's to restrict access to squid, a redirector (squidguard) and a parent proxy (virus scanning proxy) This has been working fine and part of my squid.conf is below # Everything ACL - goes via parent and squidguard acl everything src "/etc/squid/acl/everything" http_access allow everything never_direct allow everything redirector_access allow everything # nothing ACL stops parent and redirector acl nothing src "/etc/squid/acl/nothing" http_access allow nothing always_direct allow nothing redirector_access deny nothing # noparent ACL always direct stops it from forwarding to parent acl novirus src "/etc/squid/acl/novirus" http_access allow novirus always_direct allow novirus # nofilter ACL uses redirector access to stop requests going to the redirector (squidguard) acl nofilter src "/etc/squid/acl/nofilter" http_access allow nofilter redirector_access deny nofilter http_access allow localhost http_access deny all This is fine for static IP's and does exactly what I want, i.e. put an IP in /etc/squid/acl/everything and it gets filtered and forwarded to the parent, put an address in /etc/squid/acl/nothing and it goes direct and bypasses the redirector/squidguard. I wanted to allow roaming users to use my squid so ive tried adding authentication using the below. Aim was if I knew there IP it would be in one of the acl files so no username/password prompt, if there IP was not in the acl files it would pop up a username password - again I wanted control based on username whether they should go via the parent/redirector or not # testing authentication acl nothing_auth proxy_auth "/etc/squid/acl/nothing_auth" http_access allow nothing_auth always_direct allow nothing_auth redirector_access deny nothing_auth acl everything_auth proxy_auth "/etc/squid/acl/everything_auth" http_access allow everything_auth never_direct allow everything_auth redirector_access allow everything_auth Which seemed to work but I noticed an IP I had in "/etc/squid/acl/everything" which was going via the parent and redirector started going direct? If I comment out all my proxy_auth lines and restart squid all works again. Can you mix proxy_auth and IP based ACL's like this? Other relevant bits of my squid.conf below url_rewrite_program /usr/bin/squidguard url_rewrite_children 10 auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid.users auth_param basic children 5 auth_param basic realm web filter auth_param basic credentialsttl 2 hours auth_param basic casesensitive off
