[squid-users] 回复:Re: [squid-users] An acl problem. from maillist151@dont-contact.us on 2002-07-07 (squid-users)

From: <maillist151@dont-contact.us>
Date: Mon, 8 Jul 2002 12:04:05 +0800 (CST)

Thanks, Henrik!

I have read all your explanations. It helps a lot.

I think if my squid.conf like this,

--------
acl foo proxy_auth REQUIRED
acl bar proxy_auth lisa sarah frank joe
acl daytime time 08:00-17:00
acl all src 0/0
http_access allow bar
http_access allow foo daytime
http_access deny all
--------

Suppose we have 5 users, lisa, sarah, frank, joe and
tom, then the first 4 users will match the following
acl statement,

--------
"http_access allow bar"
--------

the user tom will match the following statement,

--------
"http_access allow foo daytime"
--------

Am I correct?

Cheers,
Erik

----- 原文 -----
From: Henrik Nordstrom
To: maillist151@sohu.com ;squid-users@squid-cache.org
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] An acl problem.
Sent: Sun Jul 07 22:45:29 CST 2002

> On Sunday 07 July 2002 16.10, maillist151@sohu.com wrote:
>
> > I read some manual about the term "REQUIRED" and stilled puzzled
> > about the function of the term, can you give me an explanation?
> > ( Better give me a example. :-) )
>
>
> REQUIRED is just a wildcard to match any valid user.
>
> proxy_auth is just a ACL like the others, taking a list of valid
> usernames this acl name matches (like dstdomain takes a list of
> domains, src a list of ip addresses/networks etc..).
>
> > Another question, I am puzzled about the term "foo" here. Is that
> > a username or something else?
>
> A acl name of your liking. Is what connects http_access to the list of
> usernames in the acl... has no meaning outside your sqiud.conf.
>
> The names foo and bar are commonly used in examples to indicate
> "something of your liking", inteneded to be replaced by a name you
> find suitable for your situation.
>
> > I find the meaning of term "bar" is
> > easy to understand but I can not understand the meaning of "foo".
>
> No different than "bar". Both are just names of the acl definitions in
> the example, to separate the two from each other.
>
>
> Your squid.conf could just as well read
>
> acl all src 0/0
>
> # Allow VIP persons access all the time
> acl vip_users proxy_auth lisa sarah frank joe
> http_access allow vip_users
>
> # Other users may only browse during daytime
> acl daytime time 08:00-17:00
> acl all_users proxy_auth REQUIRED
> http_access allow other_users daytime
>
> # Deny all else
> http_access deny all
>
>
> The above is 100% identical to your configuration, except for changes
> in internal names of the acls and the addition of some comments
> explaining what the rules does..
>
>
> Regards
> Henrik
>
Received on Sun Jul 07 2002 - 22:04:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:11 MST