On 06.09.2012 02:41, Sean Boran wrote:
On my internal network, no user authenication is currently used, so
the acl
is like
acl our_networks src "/etc/squid/our_networks.list"
http_access allow our_networks
http_access allow localhost
http_access deny all
Now I'd like to force authentication only from one IP 10.90.195.47s
and
tried:
auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth
/etc/squid/passwd
acl password proxy_auth REQUIRED
acl client1 src 10.90.195.47/32
add addin the following before "http_access allow our_networks":
http_access allow password src client1
but that https_acces line is wrong it kill squid :-)
"src" is not a defined ACL *name*.
Order is important too. The ACL are tested left to right, first
mis-match stops the line processing ("a AND b AND c" conditional
behaviour).
eg: http_access allow client1 password
Placing the IP test before authentication makes the auth ACL test be
skipped for IPs not matching that subnet.
Amos
