On 25/04/2023 12:14 am, David Touzeau wrote:
> Thanks Amos for the mistake, yes my explanation was wrong.
> You are right, the first object !allowed_domains matches, so squid
> usually computes the second object. This is an expected behavior.
> According to your suggestion my problem was the first rule "http_access
> allow noauth_sites" in first place.
> Yes, it will allow requests, but requests will be allowed for all
> other rules too.
> It makes sense, why compute all other rules if the first one is allowed?
> If I add office365.com in noauth_sites object but I did not want
> office365.com for limited_users, the noauth_sites in first place will
> disable all "deny" rules.
> Am I wrong?

I assume the ACL name "noauth_..." means the domains listed there are to
be accepted without checking the authentication.
In that case you **cannot** check (aka require) authentication before
allowing them.
To have any authentication-based special handling on a domain requires
that authentication happens.
So you have the choice for any given domain, whether to always-allow
(no-auth for everybody) or to require *everyone* login before deciding
allow/deny.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
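
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages and is not Squid's code: a simplified Python model of http_access evaluation, run over two squid.conf-style rule sets. The ACL names `office365` and `authenticated`, the user names `alice` and `bob`, and `.example.org` are constructed for illustration.

```python
# Simplified model of http_access evaluation: lines are tried top to bottom,
# ACLs on a line are ANDed left to right, the first matching line decides.
RULES = """
acl office365 dstdomain .office365.com
acl limited_users proxy_auth alice
acl authenticated proxy_auth REQUIRED
http_access allow noauth_sites
http_access deny limited_users office365
http_access allow authenticated
http_access deny all
"""
# Constructed configs: WEAK lists office365.com as a no-auth site, FIXED does not.
WEAK = "acl noauth_sites dstdomain .office365.com .example.org" + RULES
FIXED = "acl noauth_sites dstdomain .example.org" + RULES

def parse(conf):
    """Read 'acl' and 'http_access' lines into (acls, rules)."""
    acls, rules = {"all": ("all", [])}, []
    for line in conf.strip().splitlines():
        words = line.split()
        if words[0] == "acl":
            acls[words[1]] = (words[2], words[3:])
        elif words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(acl, host, user):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "dstdomain":  # ".dom" matches dom itself and its subdomains
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if kind == "proxy_auth":
        if user is None:
            return None  # no credentials yet: the proxy must challenge
        return "REQUIRED" in values or user in values
    raise ValueError(kind)

def decide(conf, host, user=None):
    acls, rules = parse(conf)
    for action, names in rules:
        results = []
        for name in names:
            results.append(acl_matches(acls[name], host, user))
            if results[-1] is None:
                return "407 auth required"
            if not results[-1]:
                break
        if all(results):
            return action  # first matching line wins, later lines are skipped
    return "deny"  # not reached here: both sample configs end with "deny all"
```

With WEAK, the `deny limited_users office365` line is never evaluated for office365.com because `allow noauth_sites` matches first; with FIXED, every office365.com request must authenticate before the allow/deny decision is made.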