Hello guys,
I have a problem configuring squid basic ACL.
Here is what I need:
- Allow only requests on port 80 (PORT80)
- Allow to join certain domain (DOMAINS)
- Allow to get xml files (XML)
- Authenticated users can get whatever they want on any std ports (AUTH)
The rules should be order as is: AUTH or (PORT80 and (XML or
DOMAINS)). At the begening the rule AUTH did not exist. My ACL looked
like this:
>acl network src 10.0.0.0/8
>
>acl rule_port80 port 80
>
>acl rule_domain domain eplf2.intel-lehren.de
>acl rule_domain domain database.clamav.net
>acl rule_domain domain gouv.fr
>acl rule_domain domain cnr.groupe-sigma.com
>
>acl rule_rep_header rep_header Content-Type -i ^text/xml
>acl rule_rep_header rep_header Content-Type -i ^application/xml
>acl rule_rep_header rep_header Content-Type -i ^application/xhtml+xml
>acl rule_rep_header rep_header Location -i ^.
>
>http_access allow network rule_port80
>http_access deny network all
>
>http_reply_access allow network rule_domain
>http_reply_access allow network rule_rep_header
>http_reply_access deny network all
Then I had to add the AUTH rule. here is the lines I added:
>auth_param basic program /usr/local/oss/squid/libexec/ncsa_auth \
> /usr/local/oss/squid/etc/passwd
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>auth_param basic casesensitive off
>acl auth_users proxy_auth REQUIRED
>
># Just before the "http_reply_access deny network all" line
>http_reply_access allow all auth_users
And guess what ? I doesn't work :(
The proxy_auth conf is fine cause I tested to use the auth_users rule
in http_access and it works as expected.
Is there a problem when using in conjunction http_replay_access et a
proxy_auth rule ? Or did I do something wrong in my conf ?
Thanks for your answers
++ Jerome
Received on Tue Jun 10 2008 - 12:58:37 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 11 2008 - 12:00:05 MDT