On Wed, Nov 25, 2009 at 1:02 PM, Gary Bennett <benngl_at_shands.ufl.edu> wrote:
> Thanks for the reference, Amos. However, how do you set specific ACLs for each interface?
> That is, don't see a method for saying that we want 1.1.1.100 to be LDAP auth, but not 1.1.1.101. Thanks, again.
You simply need not to depend on any user-identity clause. E.g.
structure your http_access lines as:
acl ipauth myip the_right_ip
acl okdests dst net1 net2 net3..
acl safe_ports ... # the snippets from the configuration interface
acl userdb proxy_auth user1 user2 ...
http_access allow http safe_ports ipauth okdests
http_access deny ipauth
http_access allow http safe_ports userdb
http_access deny all
Notice that this is an EXAMPLE: it misses protecting cachemgr, https,
ftp and all the other goodies which the default config takes care of.
--
/kinkie
Received on Wed Nov 25 2009 - 13:11:40 MST
This archive was generated by hypermail 2.2.0 : Wed Nov 25 2009 - 12:00:06 MST