Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid 2.5pre7

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 14 Jun 2002 23:36:07 +0200

I am having my night shift poking around in the Linux kernel.. I from
Sweden by the way.

Regards
Henrik

On Friday 14 June 2002 18:31, Marco Berizzi wrote:
> Thanks Henrik. Monday I will try the snapshot.
> Now I'm going home it's friday 18:30, I'm from Italy.
>
> Have a nice week-end.
>
>
> From: Henrik Nordström <hno@squid-cache.org>
>
> >To: "Marco Berizzi" <pupilla@hotmail.com>
> >CC: squid-users@squid-cache.org
> >Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl
> > in squid 2.5pre7
> >Date: Fri, 14 Jun 2002 18:25:46 +0200
> >
> >Right. Now the max_user_ip acl forgot the number of allowed IP's,
> > not allowing
> >any..
> >
> >Fixed in the next snapshot.
> >
> >Regards
> >Henrik
> >
> >Marco Berizzi wrote:
> > > From: Henrik Nordström <hno@squid-cache.org>
> > >
> > > >To: "Marco Berizzi" <pupilla@hotmail.com>
> > > >CC: squid-users@squid-cache.org
> > > >Subject: Re: [squid-users] acl max_user_ip /
> > > > authenticate_ip_ttl in
> >
> >squid
> >
> > > >2.5pre7
> > > >Date: Thu, 13 Jun 2002 19:00:32 +0200
> > > >
> > > >Marco Berizzi wrote:
> > > > > Here is:
> > > > >
> > > > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET
> >
> >http://www.cert.org/
> >
> > > > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > > > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET
> >
> >http://www.cert.org/
> >
> > > > > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > > > > 172.16.1.116 - aive\mberizzi [13/Jun/2002:14:20:01 +0200]
> > > > > "GET http://www.cert.org/ HTTP/1.0" 403 1012
> > > > > TCP_DENIED:NONE
> > > >
> > > >So the logging of the username did work, and we should remove
> > > > that
> >
> >message
> >
> > > >from cache.log.
> > > >
> > > > > then I have clicked on the refresh button:
> > > >
> > > >[... allowed]
> > > >
> > > >Which shows that the functionality similar to that of
> > > >"authenticate_ip_ttl_is_strict off".
> > > >
> > > >Checking in the source I see that there is a undocumented
> > > > option to
> >
> >make
> >
> > > >max_user_ip strict. Try specifying -s before the number of
> > > > allowed IP addresses.
> > > >
> > > > acl concurrent_browsing max_user_ip -s 1
> > >
> > > My squid.conf now:
> > >
> > > ...
> > > acl concurrent_browsing max_user_ip -s 10 ***(YES TEN)***
> > > http_access deny concurrent_browsing
> > > ...
> > >
> > > I can't browse from any wks now :-[
> > > Now cache.log is always reporting:
> > >
> > > XXX aclMatchUserMaxIP returned 0, somebody bla bla bla
> > >
> > > PS: I have also tried to disable authenticate_ip_ttl,
> > > but nothing has been changed. I have tested for both
> > > NTLM and basic auth. Same behaviuor for both schema.
> > >
> > > Any other idea?
> > >
> > >
> > > _______________________________________________________________
> > >__ Chat with friends online, try MSN Messenger:
> > > http://messenger.msn.com
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
> http://explorer.msn.com/intl.asp.
Received on Fri Jun 14 2002 - 18:45:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:42 MST