On Wed, Nov 25, 2009 at 1:02 PM, Gary Bennett <benngl@xxxxxxxxxxxxxx> wrote: > Thanks for the reference, Amos. However, how do you set specific ACLs for each interface? > That is, don't see a method for saying that we want 1.1.1.100 to be LDAP auth, but not 1.1.1.101. Thanks, again. You simply need not to depend on any user-identity clause. E.g. structure your http_access lines as: acl ipauth myip the_right_ip acl okdests dst net1 net2 net3.. acl safe_ports ... # the snippets from the configuration interface acl userdb proxy_auth user1 user2 ... http_access allow http safe_ports ipauth okdests http_access deny ipauth http_access allow http safe_ports userdb http_access deny all Notice that this is an EXAMPLE: it misses protecting cachemgr, https, ftp and all the other goodies which the default config takes care of. -- /kinkie