On Thu, 3 Nov 2005, Derrick MacPherson wrote:
> I have:
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow AuthorizedUsers
>
> If I want to no authorization requested from the allowed_hosts but they
> can still access, can it be done with something like:
>
> acl allowed_hosts src "/root/allowed_hosts"
> http_access allow allowed_hosts
> acl AuthorizedUsers proxy_auth REQUIRED !allowed_hosts
> http_access allow AuthorizedUsers
Almost, only that the !allowed_hosts should be on the http_access line,
not the acl line..
also it's actually redundant. The http_access line above takes care of all
allowed_hosts. No allowed_hosts will be seen by Squid below that line. But
it's good to limit access to your networks only
I would use something along the following lines:
# Allow allowed_hosts without authentication
acl allowed_hosts src "/root/allowed_hosts"
http_access allow allowed_hosts
# The rest of our network requires authentication
acl AuthorizedUsers proxy_auth REQUIRED
acl my_networks src "/root/my_networks"
http_access allow my_networks AuthorizedUsers
# And finally deny all else
http_access deny all
Regards
Henrik
Received on Thu Nov 03 2005 - 15:40:59 MST
This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST