-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/10/2014 3:21 a.m., Amos Jeffries wrote: > On 9/10/2014 2:09 a.m., Tom Tom wrote: >> I think, this behaviour was introduced with squid 3.4.4.1 >> (http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13113.patch). > >> I don't exactly understand this behaviour. Any hints for this? > > Aha. I am guessing it is a combination of: * the previous > ssl-bumped traffic was brokenly finding "invalid" credentials * an > "empty" regex actually contains .* (is matching anything valid). > > Meaning previously the "invalid" credentials would prevent the > regex being even attempted. Now that the credentials validity is > fixed the regex tests out and matches. > > Try putting a single entry of "-" in /etc/squid/DENY_USERS_LOCAL. Actually that would match any users with hyphen in their username. For production use, if the experiment above actually works, use ^root$ or another username shich will never be assigned with explicit start and end anchors. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUNUmhAAoJELJo5wb/XPRjxUwH/3Y3gDn7Cbt4ikAFyhAq+BlJ tnvu2lC/WK5et8aWSsGGUtxDcOZtJoW9hYGWVIJs7wukqMlldvH7oWdGpJ/pS4tQ KVpABF55n0Kt1ayRTpHzoE6eNDgVZt5lMcUk1OJnjW/wbibC5n6+BpBwyjg+Hf1X StvV6y99kMvqWkHNgBYcwLXblV83GdtnX5xmCV6CnPZSry50bMc+m/4fiLSJojvG unCMccmkw09697sPzJvZRe0CZbq8r3TRLfGJQEYqVem2FumpCoPQVDHIk82Q0B/y nyMHOndz5PVnYr9VpuYy7pVokA74jJ5HstLVQsIW/i1TMjarUP/1dFYpG8sEDL4= =/mvM -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
