On 8/02/2016 11:06 p.m., Olivier CALVANO wrote: > Hi Amos, > > Thanks for your help, > > buit if i don't put the line http_access deny !Group_Allowed, user not in > the group connect connect > and access to all internet > > my config: > > > > ###################################################################### > # ACL pour les Droits d'accès d'apres l'Active Directory > ###################################################################### > acl Authentification proxy_auth REQUIRED > http_access deny !Authentification > acl Group_Allowed external AD_Group Internet-Access > http_access allow Group_Allowed > #http_access deny !Group_Allowed > ###################################################################### > > #always_direct deny Authentification > http_access allow Lan > http_access deny all > > > > > > > i see that i have a > > http_access allow Lan > > it's not this the problems ? > You did not do what I said to do ... 2016-02-07 11:44 GMT+01:00 Amos Jeffries: > > In this particular config setup use "deny all" instead of "deny > !Group_Allowed". I did not mention or ask about any other rules in your config because those two rules that you posted, no matter where you put them, will always be the last two rules Squid checks. They allow X and deny !X Once you match both X and not-X things. What is left? nothing. Nada. Therefore; No traffic will ever possibly get past both those rules to anything that follows. So yes, the "allow Lan" is part of the reason why your change is not working. BUT only because your change made it part of the problem when it was not previously relevant. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
