I do not quite make sense of your groups and http_access rules.. can you
describe the purpose of each group you have, and if users may belong to
multiple groups or only one group?
Remember that http_access is a ordered list of rules, and the first rule
who fully matches the request tells if the request is to be allowed or
denied. If the http_access line does not fully match the request then
processing continues on the next line.
But your debug logs is very confusing. Does not seem to match the
http_access lines you posted, or even make sense.. Have you abbrevated
your logs, skipping some "The request .... is ... because it matched
..."??
Note: The "The reply for..." messages is irrelevant here. Those are from
http_reply_access processing.
Regards
Henrik
tis 2002-11-12 klockan 11.14 skrev Michael Fuller / Hotmail:
> Hi all,
>
> I am trying to implement squid_ldap_group in our network. I want to
> construct an acl which will permit a group of users to browse ONLY during
> 12:30 to 14:00 hrs, Monday to Saturday. However, these users are being
> denied access at all times. The relevent lines from squid.conf are pasted
> below, along with the logs for the ACL.
> http_access allow permit_intranet
> http_access deny no_porn_domain
> http_access deny no_warez_domain
> http_access deny no_ad_domain
>
> http_access allow ldap_lunchbrowse permit_lunchtime
> http_access allow ldap_browse
>
> http_access deny ldap_notbrowse
> http_access deny all
Received on Tue Nov 12 2002 - 06:34:37 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:17 MST