Wed 2009-09-09 at 12:02 +0530, Avinash Rao wrote:
> http_access allow staffgroup
> http_access allow student staffgroup
The above is wrong.
The first directive allows everyone in staffgroup without restriction,
which means the second cannot be reached. Squid uses the first
http_access line matching the request to determine if the request is
allowed or denied; any http_access rules following that are ignored.
> I am wondering if its really checking the NT group? I also tried using
> the squid_unix_group option, but the result was the same.
It most likely is, assuming you have no "proxy_auth REQUIRED" acl used
in parts of squid.conf not shown here.
> http_access deny extndeny
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> #http_access allow friends WORKING
> #http_access deny friends
> http_access deny abc
> http_access deny videos
>
> http_access deny !AuthUsers
Ok.
> http_access allow staffgroup
> http_access allow student staffgroup
See above for why this is wrong. I guess the first of the two should
go..
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
There is a "deny purge" rule missing here.
And the whole block should be before your custom rules (i.e. first rules
in http_access).
> #http_access allow special_urls
> #http_access deny extndeny download
> http_access deny badurl
> #http_access deny malware_block_list
> #deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
This deny needs to go before where you allow access to be effective. But
maybe it is.. Not entirely obvious to me who should get denied and who
not.
> http_access allow localhost
> http_access allow lan
> http_access deny all
Ok.
Regards
Henrik
Received on Wed Sep 09 2009 - 07:26:48 MDT
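
The first-match behaviour described in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Squid: a small Python linter that flags http_access rules which can never be reached. The sample configuration is constructed from the rule order quoted in the thread, and treating an ACL named `all` as matching every request is an assumption about how it is defined.

```python
"""Flag http_access rules that an earlier rule makes unreachable (added example)."""

# Constructed sample, following the rule order quoted in the message above.
SAMPLE_CONF = """\
#http_access allow friends
http_access deny !AuthUsers
http_access allow staffgroup
http_access allow student staffgroup
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow lan
http_access deny all
"""

def parse_http_access(conf_text):
    """Return [(line_no, action, frozenset_of_acl_terms)] for active http_access lines.

    Commented-out lines start with '#', so their first field is not
    'http_access' and they are skipped.
    """
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split()
        if len(fields) >= 3 and fields[0] == "http_access" and fields[1] in ("allow", "deny"):
            rules.append((line_no, fields[1], frozenset(fields[2:])))
    return rules

def find_shadowed(rules):
    """Return [(shadowed_line, shadowing_line)].

    A rule matches only when ALL of its ACL terms match, and Squid stops at
    the first matching rule. If an earlier rule's terms are a subset of a
    later rule's terms, every request that could match the later rule has
    already been decided by the earlier one.
    """
    findings = []
    for i, (line_no, _action, terms) in enumerate(rules):
        for prev_no, _prev_action, prev_terms in rules[:i]:
            # Assumption: an ACL named 'all' matches every request.
            if prev_terms <= terms or prev_terms == {"all"}:
                findings.append((line_no, prev_no))
                break
    return findings

if __name__ == "__main__":
    for shadowed, by in find_shadowed(parse_http_access(SAMPLE_CONF)):
        print(f"line {shadowed} is unreachable: line {by} always matches first")
```

The subset test is a sufficient condition only: it does not inspect ACL definitions, so it will not notice two differently named ACLs that happen to cover the same users.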