Hello:
I just installed Squid2.2.Stable3 on a Redhat5.2. I used Squid1.1.20 before. This was a complete install, with new squid.conf, etc., not an upgrade to existing Squid/OS.
Now my ACL definitions do not work properly, even though they worked on Squid1.1.20
Goal: 1) Control users by their Source IP address, AND
2) Prompt ALL users for Proxy Password, AND
3) restrict access for generic users during the day.
Squid2.2.Stable3 acls and rules:
#
# Same as Squid1.1.20, but recompiled for Squid2.2.Stable3
#
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/Passwd
#
log_fqdn on
#
# Above statements are at proper locations in the file..
#
acl all src 0.0.0.0/0.0.0.0
acl timerange time 06:00-20:30
acl password proxy_auth REQUIRED
acl bigboss src 15.128.8.200/0.0.0.0
acl workbees src 15.128.8.240 15.128.8.241 15.128.8.242
#
# New for Squid2.2.Stable3
#
http_access allow password
http_access allow bigboss
http_access allow localhost
# Allow access to all other Users based on their IP address and current time
http_access allow timerange
#
http_access allow workbees
http_access deny all
#
# New for Squid2.2.Stable3
#
ident_lookup_access allow workbees
ident_lookup_access deny all
I had basically similar set-up in Squid1.1.20, ofcourse there was no 'acl' for proxy_auth.
Problem:
Squid1.1.20 did exactly according to my goals.
Squid2.2 asks for password but does NOT verify workbees source IP addresses!
ident_lookup_access does not seem to work. It seems that as soon as my password
is checked I am allowed access, regardless of my IP address. If I change the order of http-access list then my IP address is checked(as expected) but no password prompt.
What is the solution or the difference?
Thanks in advance.
Received on Fri Jun 11 1999 - 09:37:03 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:50 MST