Right. Now the max_user_ip acl forgot the number of allowed IP's, not allowing
any..
Fixed in the next snapshot.
Regards
Henrik
Marco Berizzi wrote:
> From: Henrik Nordström <hno@squid-cache.org>
>
> >To: "Marco Berizzi" <pupilla@hotmail.com>
> >CC: squid-users@squid-cache.org
> >Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid
> >2.5pre7
> >Date: Thu, 13 Jun 2002 19:00:32 +0200
> >
> >Marco Berizzi wrote:
> > > Here is:
> > >
> > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET http://www.cert.org/
> > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET http://www.cert.org/
> > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > 172.16.1.116 - aive\mberizzi [13/Jun/2002:14:20:01 +0200] "GET
> > > http://www.cert.org/ HTTP/1.0" 403 1012 TCP_DENIED:NONE
> >
> >So the logging of the username did work, and we should remove that message
> >from cache.log.
> >
> > > then I have clicked on the refresh button:
> >
> >[... allowed]
> >
> >Which shows that the functionality similar to that of
> >"authenticate_ip_ttl_is_strict off".
> >
> >Checking in the source I see that there is a undocumented option to make
> >max_user_ip strict. Try specifying -s before the number of allowed IP
> >addresses.
> >
> > acl concurrent_browsing max_user_ip -s 1
>
> My squid.conf now:
>
> ...
> acl concurrent_browsing max_user_ip -s 10 ***(YES TEN)***
> http_access deny concurrent_browsing
> ...
>
> I can't browse from any wks now :-[
> Now cache.log is always reporting:
>
> XXX aclMatchUserMaxIP returned 0, somebody bla bla bla
>
> PS: I have also tried to disable authenticate_ip_ttl,
> but nothing has been changed. I have tested for both
> NTLM and basic auth. Same behaviuor for both schema.
>
> Any other idea?
>
>
> _________________________________________________________________
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
Received on Fri Jun 14 2002 - 10:25:52 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:41 MST