On 15/04/2017 1:25 a.m., Serhat Koroglu wrote: > Hello, > > I'm trying to manage squid users to access the proxy if they logged > in and the site url is allowed in my url list. They are running one > by one. If logged in accesses but not check the url and vice versa. > But I want both of them. Here is my config part. > First some concepts: You do not have any "url list" in the displayed config settings. You do have a file that is supposed to contain *only* domain names. Those may have wildcard sub-domains in dstdomain format (domin name started with a '.'), but URLs and other things are not valid in that file. Also, http_access does not allow/deny "URLs". It can best be described as allowing or denying *use of the proxy*. Use of the proxy is a very different concept to 'URL'. That is very important to get straight in your head since it directly affects your understanding of what the ACLs do. > > auth_param basic program /usr/bin/php /var/www/html/sqauth.php > auth_param basic children 20 > auth_param basic realm Username and password > auth_param basic credentialsttl 5 hours > > acl AuthenticatedUsers proxy_auth REQUIRED > > acl allowed_sites dstdomain "/etc/squid/allowedsites.txt" > acl all_others dst 0.0.0.0/0.0.0.0 Contrary to what you may think the above "all_others" ACL does not deny access to everywhere. It is a bad way to configure: acl all_others dst ipv4 Also be aware that it can only match IPv4 addresses. So any IPv6-only domain will happily skip past your denial rule. This has nothing to do with whether your client or your local network is IPv4-only. It depends solely on the DNS listed IPs of the destination domain, clients requesting IPv6-only domains will be allowed to use your proxy. Use the provided/built-in ACL called "all" when you want to match everything. > > http_access allow allowed_sites > http_access deny all_others > http_access allow AuthenticatedUsers > When you fix the "deny all_others" stuff so it working as you appear to intend. Your authentication will "break". Please read <http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes> for why, and that should also teach you how to solve your described problem. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
