Re: [squid-users] proxy_auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 23 Oct 2001 15:29:55 +0200

Krzysztof Szewczyk wrote:
>
> This is still not the answer for my question, sorry.
> If I do:
>
> acl intranet dst 10.40.0.0/255.255.0.0
> acl friends dst 10.30.0.0/255.255.0.0
> acl foo proxy_auth REQUIRED
>
> http_access allow intranet
> http_access allow friends
> http_access allow foo
>
> then WHAT I should to force users to logon if they ask for url (this host
> is in friends network) with '/apps/foo'

Start by writing down exact list if what you want to allow/deny, written
in plain english propositions with no "except" clauses (instead order
them with exceptions first), then translate it literally to http_access
and required acl directives

Example:

   I want to allow everyone access to the intranet

   I want users to log in to access /apps/foo in my friends network

   Anything else is forbidden

acl intranet dst 10.40.0.0/255.255.0.0
http_access allow intranet

acl login proxy_auth REQUIRED
acl foo urlpath_regex ^/apps/foo
acl friends dst 10.30.0.0/255.255.0.0
http_access allow login foo friends

http_access deny all

Note: For technical reasons, the foo http_access rule is better written
"http_access allow friends foo login", as proxy_auth ACL's have the side
effect of requiring the user to log in if the ACL is even touched by
http_access.

> Maybe this is not possible to achive with Squid?

Everything is possible vith Squid ;-)

Regards
Henrik Nordström
Squid Hacker
Received on Tue Oct 23 2001 - 07:29:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:04 MST