Hegedus, Ervin wrote:
> i use a Squid 2.5S6, with external_acl_helper: ip_user.
> here is the relevant part of config:
> external_acl_type SRC_IP %SRC %LOGIN
> /usr/local/squid/libexec/ip_user_check -f
> /usr/local/squid/libexec/ip_user_check.conf ... acl srcip external SRC_IP
> acl password proxy_auth REQUIRED
> http_access allow password
> http_access allow srcip
>
> and content of ip_usr_check.conf:
> 0.0.0.0/0.0.0.0 NONE
> 192.168.0.3/255.255.255.255 airween
> and i come from 192.168.0.2 - but Squid allow to browse.
> the auth pop-up comes, and check the correct user/password pair,
> but looks like up_user_check doesn't works this setting.
You've misconfigured your http_access lines. The "http_access allow
password" line triggers the authentication popup, and then allows the
connection once the username and password are verified. The srcip acl is
never checked.
This is explained in the Access Controls FAQ:
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
To correct this, simply remove the "http_access allow password" line. Since
the srcip acl requires the username (with the %LOGIN parameter), Squid will
still require authentication before checking that acl.
You can take out the password acl, also.
Adam
Received on Tue Jul 20 2004 - 16:58:45 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT