On 31/05/11 22:22, Vipul Gupta wrote:
Hello All, I am a new-be here. I am creating two acl's one for hosts and another with users. The config is given below acl AuthUser proxy_auth REQUIRED acl allowedHost src "/etc/squid/guard/privileged/testRule-ip" acl allowedUser proxy_auth "/etc/squid/guard/privileged/testRule-user" acl max_con maxconn 50 http_access deny allowedHost allowedUser max_con deny_info ERR_TOOMANY_CONN allowedHost allowedUser max_con
deny_info takes *one* name for the ACL whose deny match will display it.
http_reply_access allow allowedHost allowedUser http_access allow allowedHost allowedUser
Those two lines do the same thing. You do not need to check the reply if the request is already validated the same.
http_access allow AuthRequred http_reply_access allow all http_access deny all The value of acls are: allowedHost: 10.10.100.10, 10.10.100.20 allowedUser: test1, test2 Everything else is blocked. The problem is I want only allowedUser to access internet from allowedHost, But I am able to access internet from other hosts also using same user names.
Due to "http_access allow AuthRequred" - anyone who can login is allowed. Use this: deny_info ERR_TOOMANY_CONN max_con http_access deny !allowedHost http_access deny max_con http_access deny !AuthRequred http_access allow allowedUser http_access deny all Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.8 and 3.1.12.2
