fre 2006-11-03 klockan 08:06 +0100 skrev Mark Elsen:
> > -----------------------------------------------------------------------
> > acl my_auth proxy_auth REQUIRED
> > acl google dstdomain .google.com
> > http_access allow my_auth
> > http_access deny google my_auth
> > http_access deny all
> >
> > In this case if the user requests www.google.com then the second
> > http_access line matches and triggers re-authentication. Remember: it's
> > always the last ACL on a http_access line that "matches".
> > -----------------------------------------------------------------------
>
> No, it's the first ACL on a http_access line that matches,
> in your case, the 2 last ones will never be reached.
The section is talking about deny_info and text is correct but the
config example broken for the reasons mentioned..
For deny_info it's the last acl on the http_access deny line that
matches.
In http_access it's the first http_access line matching the request that
tell if the request is allowed or denied. The rest of the http_access
lines is never reached.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:02 MST