Re: [squid-users] Squid ACL

From: <squid3@dont-contact.us>
Date: Fri, 6 Jul 2007 11:22:09 +1200 (NZST)

> Hello,
>
> i need to solve following problem.
> I have an ldap-server, which i use to authenticate the user.
> If the user is in the group, he has access to the group A. If the
> authentications fails, he has access to the group B.
>
> Can anyone tell me, how i can solve this problem.
>
> I have already have an authentication, but the problem is, that if the
> user tries to authenticate, but he has no rights, the
> authentication-window
> comes again and again. But the user has to be in the group
> to_domains_without_auth and the other domains should be blocked.
>
> So, the relevant code looks like:
>
> auth_param basic program /etc/squid/ldapauth.pl
> acl for_inetusers proxy_auth REQUIRED
>
> acl to_domains_without_auth dstdomain
> "/var/ipcop/proxy/advanced/acls/dst_noauth
> .acl"
>
>
> Can anyone help me?
>

Check the order of http_access * lines in your squid.conf.
They are processed in order, and for_inetusers needs to be preceeded by
any ACL that allow people through without Auth.

For example:

http_access allow anybody_without_auth
http_access allow for_inetusers
http_access deny all

Amos
Received on Thu Jul 05 2007 - 17:22:13 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT