Re: [squid-users] ACLs and localhost

From: paul cooper <pdcooper@dont-contact.us>
Date: Tue, 25 Mar 2008 15:07:47 -0000 (UTC)

So is what I want to do actually possible?

unixlogin emma logged into VT7
unixlogin andrew -> VT8

web page request from either -> squid requests login

if it's emma & !testing -> access denied
if it's emma & testing -> access allowed

switch to VT8 (andrew's desktop)
web page request -> squid requests login
if it's andrew -> access allowed
if it's emma && !testing (e.g. kids messing around) -> access denied

hepworth squid # grep ^auth_param /etc/squid/squid.conf
auth_param basic program /usr/libexec/squid/ncsa_auth /etc/squid/htpasswd
hepworth squid # grep ^acl /etc/squid/squid.conf | grep -v '#'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth REQUIRED
acl emma proxy_auth REQUIRED
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl testing time MTWHF 07:30-08:00
hepworth squid # grep ^http /etc/squid/squid.conf | grep -v '#'
http_port 3128
http_access allow emma testing
http_access allow andrew
http_access deny all
hepworth squid #

2008/03/25 15:04:03| aclMatchIp: '127.0.0.1' found
2008/03/25 15:04:03| aclMatchAclList: returning 1
2008/03/25 15:04:03| aclCheck: checking 'http_access allow emma testing'
2008/03/25 15:04:03| aclMatchAclList: checking emma
2008/03/25 15:04:03| aclMatchAcl: checking 'acl emma proxy_auth REQUIRED'
2008/03/25 15:04:03| aclCacheMatchAcl: cache hit on acl '0x82a7cc8'
2008/03/25 15:04:03| aclMatchAclList: checking testing
2008/03/25 15:04:03| aclMatchAcl: checking 'acl testing time MTWHF 07:30-08:00'
2008/03/25 15:04:03| aclMatchTime: checking 904 in 450-480, weekbits=3e
2008/03/25 15:04:03| aclMatchAclList: no match, returning 0
2008/03/25 15:04:03| aclCheck: checking 'http_access allow andrew '
2008/03/25 15:04:03| aclMatchAclList: checking andrew
2008/03/25 15:04:03| aclMatchAcl: checking 'acl andrew proxy_auth REQUIRED'
2008/03/25 15:04:03| aclCacheMatchAcl: cache hit on acl '0x82a7d38'

But I haven't AFAIK logged in, in this browser session, as andrew (the
browser cache is flushed when it's closed).

So is this login stored in the cache somewhere?
Do I need to flush the cache when I change user?

2008/03/25 15:04:03| aclMatchAclList: returning 1
2008/03/25 15:04:03| aclCheck: match found, returning 1
2008/03/25 15:04:03| aclCheckCallback: answer=1
2008/03/25 15:04:03| The request GET http://grolma.no-ip.org/favicon.ico is ALLOWED, because it matched 'andrew'
2008/03/25 15:04:03| aclCheck: checking 'cache deny QUERY'
2008/03/25 15:04:03| aclMatchAclList: checking QUERY
2008/03/25 15:04:03| aclMatchAcl: checking 'acl QUERY urlpath_regex cgi-bin \?'
2008/03/25 15:04:03| aclMatchRegex: checking '/favicon.ico'
2008/03/25 15:04:03| aclMatchRegex: looking for 'cgi-bin'
2008/03/25 15:04:03| aclMatchRegex: looking for '\?'
2008/03/25 15:04:03| aclMatchAclList: no match, returning 0
2008/03/25 15:04:03| aclCheck: NO match found, returning 1
2008/03/25 15:04:03| aclCheckCallback: answer=1
2008/03/25 15:04:03| aclCheckFast: list: 0x8481608
2008/03/25 15:04:03| aclMatchAclList: checking all
2008/03/25 15:04:03| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/25 15:04:03| aclMatchIp: '127.0.0.1' found
2008/03/25 15:04:03| aclMatchAclList: returning 1
2008/03/25 15:04:03| aclCheck: checking 'http_reply_access allow all'
2008/03/25 15:04:03| aclMatchAclList: checking all
2008/03/25 15:04:03| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/25 15:04:03| aclMatchIp: '127.0.0.1' found
2008/03/25 15:04:03| aclMatchAclList: returning 1
2008/03/25 15:04:03| aclCheck: match found, returning 1
2008/03/25 15:04:03| aclCheckCallback: answer=1
2008/03/25 15:04:03| The reply for GET http://grolma.no-ip.org/favicon.ico is ALLOWED, because it matched 'all'
Received on Tue Mar 25 2008 - 09:07:12 MDT
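
The trace in the message above can be reproduced with a small model of Squid's first-match http_access evaluation. This is an added example, not part of the original post and not Squid's own code; `parse`, `acl_match`, `decide` and `NAMED_CONF` (the same rules with usernames listed in place of `REQUIRED`) are names assumed here, and the model covers only `proxy_auth` and `time` ACLs.

```python
from datetime import datetime

DAYS = "SMTWHFA"  # Squid day letters, Sunday first (bit order of 'weekbits')

# The proxy_auth/time ACLs and http_access rules quoted in the post.
PAGE_CONF = """
acl andrew proxy_auth REQUIRED
acl emma proxy_auth REQUIRED
acl testing time MTWHF 07:30-08:00
http_access allow emma testing
http_access allow andrew
http_access deny all
"""
# Constructed variant: each proxy_auth ACL lists a username instead of REQUIRED.
NAMED_CONF = (PAGE_CONF.replace("andrew proxy_auth REQUIRED", "andrew proxy_auth andrew")
                       .replace("emma proxy_auth REQUIRED", "emma proxy_auth emma"))

def parse(conf):
    """Return ({acl name: (type, args)}, ordered [(action, [acl names])])."""
    acls, rules = {}, []
    for tok in (line.split() for line in conf.strip().splitlines()):
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_match(acls, name, user, when):
    if name == "all":                      # 'acl all src 0.0.0.0/0.0.0.0'
        return True
    kind, args = acls[name]
    if kind == "proxy_auth":
        # REQUIRED accepts any user the auth helper validated; the ACL's
        # name is only a label and is never compared with the login.
        return user is not None and (args == ["REQUIRED"] or user in args)
    if kind == "time":
        start, end = (int(t[:2]) * 60 + int(t[3:]) for t in args[1].split("-"))
        minute = when.hour * 60 + when.minute          # 15:04 -> 904
        return DAYS[(when.weekday() + 1) % 7] in args[0] and start <= minute <= end
    raise ValueError(f"ACL type not modelled: {kind}")

def decide(conf, user, when):
    """First rule whose ACLs all match wins, as in the debug trace.
    user=None stands for 'no credentials'; real Squid would send a 407."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_match(acls, n, user, when) for n in names):
            return action, " ".join(names)
    return "deny", "(no rule matched)"

if __name__ == "__main__":
    t = datetime(2008, 3, 25, 15, 4)       # timestamp of the trace (a Tuesday)
    print(decide(PAGE_CONF, "emma", t), decide(NAMED_CONF, "emma", t))
```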
