Georgy Salnikov wrote:
> we would like that only authoritative users could get the fast and costly
> peer while other users be transparently switched by Squid to the slower
> channels. This is easily achieved via the cache_peer_access allow/deny
> clauses as long as all users on the same Unix host are allowed (or denied)
> in the same time. If we wish to allow some users and to deny others from the
> same client host, then we need to use IDENT ACLs in the cache_peer_access
> parameter.
What we can try to allow the ident to be used IFF it has first been
requested by http_access. What is needed to do this is to make the
request inherit the rfc931 value from the client connection and then use
this when making the checklist in peerAllowedToUse.
Note: If you do not want to perform authorization based on ident, then
use a dummy line that only forces the ident lookup
acl ident ident REQUIRED
http_access deny ident !all
Passing the client connection down to peerAllowedToUse won't do.
-- Henrik Nordstrom Squid HackerReceived on Fri Jun 22 2001 - 19:20:58 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:04 MST