On 10/07/2012 8:22 p.m., Carlo Filippetto wrote:
> Hi all,
> I need to create a rule where some users, logged in with ntlm, must be restricted to only a few sites.
> I tried something like:
>
> acl RESTRICTED_USER proxy_auth "/etc/squid/restricted_user.allow"
> acl RESTRICTED_WEB dstdomain "/etc/squid/restricted_web.limited"
> http_reply_access allow RESTRICTED_WEB RESTRICTED_USER
> http_reply_access deny all RESTRICTED_USER
The magic ACL "all" only means something when it's on the end (right hand side) of the line.
By placing "all" on the end of a line containing authentication ACLs you prevent login challenge from being done by *that* line.
Also note that by doing these restrictions on *reply* access, it means the user/client's details have already been sent to the remote website for processing. Only the remote website's response is blocked from delivery to the client. NTLM could be doing some very strange things with its multiple requests.
There is no reason why these rules cannot be done in http_access where it is safer and NTLM cannot have such dangerous side effects. I suggest moving them and seeing what improves.
> It works, but other users seem to be affected by continuous authentication requests.
By "user", what do you mean: other already logged-in *users*, or non-login *clients*?
Amos
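
Added example, not part of the original thread and not the configuration of either poster: one way to write the suggestion above, with the two ACLs from the question moved from http_reply_access to http_access and "all" placed last on the deny line. The trailing "http_access deny all" and the placement of the site's other rules are assumptions.

```conf
# ACL definitions, unchanged from the question
acl RESTRICTED_USER proxy_auth "/etc/squid/restricted_user.allow"
acl RESTRICTED_WEB dstdomain "/etc/squid/restricted_web.limited"

# Before (from the question): evaluated on the reply, after the request
# and the client's details have already been sent to the remote site.
#   http_reply_access allow RESTRICTED_WEB RESTRICTED_USER
#   http_reply_access deny all RESTRICTED_USER

# After: evaluated on the request, before anything is sent upstream.
# Restricted users may reach the listed domains.
http_access allow RESTRICTED_USER RESTRICTED_WEB

# Any other destination is refused for restricted users.
# "all" is the last ACL on the line, so a match on this line
# denies the request without issuing a new login challenge.
http_access deny RESTRICTED_USER all

# Assumption: the site's existing http_access rules for all other
# users go here, ending with the usual catch-all.
http_access deny all
```

Users who are not listed in restricted_user.allow match neither of the two RESTRICTED_USER lines and fall through to the rules that follow.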