I just realized gmail was using the wrong reply address. Sorry about that. > > acl GRP2 external ADGroup CN=UsuariosInternet,OU=UsersOU,DC=example,DC=com > > acl GRP3 external ADGroup CN=GRP3,OU=UsersOU,DC=example,DC=com > > acl GRP4 external ADGroup CN=GRP4,OU=UsersOU,DC=example,DC=com > > All these group checks will trigger re-authenticate if the user is not a > member of the group(s) being checked - in case a different login would work. > > This issue is where the "all hack" comes from. Put "all" at the end of > the deny lines which need to end with a group check. Or where possible > rearrange the ACL checks to put some other ACL type after the group check. > > > For example: ... > > > http_access deny !GRP3 !GRP2 !GRP4 > > ... here: > > http_access deny !GRP3 !GRP2 !GRP4 all > > > > http_access deny !InternalSites GRP3 !GRP2 > > ... here: > http_access deny GRP3 !GRP2 !InternalSites > > > > http_access allow SocialNetworks GRP4 > > ... here: > http_access allow GRP4 SocialNetworks holly ..., that is a tricky detail!!!! I just read https://wiki.squid-cache.org/action/show/Features/Authentication. The squid team should put some warning on the config file or something to bring this detail to prominence. THANK YOU VERY MUCH!!!! > > > http_access deny SocialNetworks > > acl BlackListedDomains1 dstdomain -n > > '/etc/squid/Sites/Forbidden/BlackListedDomains1' > > http_access deny BlackListedDomains1 > > acl BlackListedDomains2 dstdomain -n > > '/etc/squid/Sites/Forbidden/BlackListedDomains2' > > http_access deny BlackListedDomains2 > > acl BlackListedDomains3 dstdomain -n > > '/etc/squid/Sites/Forbidden/BlackListedDomains3' > > http_access deny BlackListedDomains3 > > acl BlackListedDomains4 dstdomain -n > > '/etc/squid/Sites/Forbidden/BlackListedDomains4' > > http_access deny BlackListedDomains4 > > Any particular reason for some many different blacklists? > > It is a faster check and simpler config file to either have one > blacklist file, or to load all the files as one ACL name. Easy maintenance. I want to know/remember why I blacklisted some specific domain. Keep in mind I "anonymised" the config file before posting, so the generic names, the example.com domain, etc. > > acl REBlackListedDomains1 dstdom_regex -i > > '/etc/squid/Sites/Forbidden/REBlackListedDomains1' > > http_access deny REBlackListedDomains1 > > acl REBlackListedDomains2 dstdom_regex -i > > '/etc/squid/Sites/Forbidden/REBlackListedDomains2' > > http_access deny REBlackListedDomains2 > > acl REBlackListedDomains3 dstdom_regex -i > > '/etc/squid/Sites/Forbidden/REBlackListedDomains3' > > http_access deny REBlackListedDomains3 > > Same for the regex blacklists. > Same for the regex blacklists. ;-) > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
