Re: [squid-users] can not access sites due to acl when using ntlm auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 20 Aug 2004 00:00:12 +0200 (CEST)

On Thu, 19 Aug 2004 Jim_Brouse/PYT@PASCUAYAQUITRIBE.ORG wrote:

> KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain
> list what sites KIOSK can get to and it seems to work good. I did remove
> http_access deny KIOSK but when I tried to combine the two statements that
> I think I need,

Then you should use

http_access allow KIOSK KIOSK.dstdomain
http_access deny KIOSK

> That did not work the users in KIOSK can no longer access sites listed at
> KIOSK.dstdomain which is the goal.

Then something is wrong with either of these two acls.

http_access allow A
http_access allow B

is very different from

http_access allow A B

The first allows access if either of the criterias is fulfilled. The
second allows access only if both criterias is fulfilled. And this is one
of many things of Squid access controls is what we try to explain in the
Squid FAQ chapter 10 introduction.

But the source of your authentication problem is most likely my last
comment. Somewhere you need to allow the request before it is denied, and
denying some stuff just before you deny all access does not make much
sense does it?

Regards
Henrik
Received on Thu Aug 19 2004 - 16:00:14 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT