Thanks Henrik. Monday I will try the snapshot.
Now I'm going home it's friday 18:30, I'm from Italy.
Have a nice week-end.
>From: Henrik Nordström <hno@squid-cache.org>
>To: "Marco Berizzi" <pupilla@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid
>2.5pre7
>Date: Fri, 14 Jun 2002 18:25:46 +0200
>
>Right. Now the max_user_ip acl forgot the number of allowed IP's, not
>allowing
>any..
>
>Fixed in the next snapshot.
>
>Regards
>Henrik
>
>Marco Berizzi wrote:
> > From: Henrik Nordström <hno@squid-cache.org>
> >
> > >To: "Marco Berizzi" <pupilla@hotmail.com>
> > >CC: squid-users@squid-cache.org
> > >Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in
>squid
> > >2.5pre7
> > >Date: Thu, 13 Jun 2002 19:00:32 +0200
> > >
> > >Marco Berizzi wrote:
> > > > Here is:
> > > >
> > > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET
>http://www.cert.org/
> > > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET
>http://www.cert.org/
> > > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > > 172.16.1.116 - aive\mberizzi [13/Jun/2002:14:20:01 +0200] "GET
> > > > http://www.cert.org/ HTTP/1.0" 403 1012 TCP_DENIED:NONE
> > >
> > >So the logging of the username did work, and we should remove that
>message
> > >from cache.log.
> > >
> > > > then I have clicked on the refresh button:
> > >
> > >[... allowed]
> > >
> > >Which shows that the functionality similar to that of
> > >"authenticate_ip_ttl_is_strict off".
> > >
> > >Checking in the source I see that there is a undocumented option to
>make
> > >max_user_ip strict. Try specifying -s before the number of allowed IP
> > >addresses.
> > >
> > > acl concurrent_browsing max_user_ip -s 1
> >
> > My squid.conf now:
> >
> > ...
> > acl concurrent_browsing max_user_ip -s 10 ***(YES TEN)***
> > http_access deny concurrent_browsing
> > ...
> >
> > I can't browse from any wks now :-[
> > Now cache.log is always reporting:
> >
> > XXX aclMatchUserMaxIP returned 0, somebody bla bla bla
> >
> > PS: I have also tried to disable authenticate_ip_ttl,
> > but nothing has been changed. I have tested for both
> > NTLM and basic auth. Same behaviuor for both schema.
> >
> > Any other idea?
> >
> >
> > _________________________________________________________________
> > Chat with friends online, try MSN Messenger: http://messenger.msn.com
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Received on Fri Jun 14 2002 - 10:31:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:41 MST