> -----Original Message-----
> From: Carinus Carelse [mailto:carinus.carelse@mrc.ac.za]
> Sent: Tuesday, May 10, 2005 9:33 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] {Spam?} acl help please
>
>
> I have a program that synchronises using the proxy. However, I keep
> getting this error message in the cache.log file.
>
> 2005/05/11 08:25:51| The request CONNECT ip number:port is DENIED,
> because it matched 'password'
>
> How can I bypass the password acl I have and allow the CONNECT method
> just for the ipnumber:port?
>
> Carinus
>
A couple new ACLs like:

    acl specialAddress dst 1.2.3.4/32
    acl specialPort port 5678

Then (assuming that your proxy authentication acl is named "password")
change your proxy auth line to

    http_access deny !password !CONNECT !specialAddress !specialPort

This should block any non-authenticated request to anywhere but 1.2.3.4:5678
without opening your proxy to allow just ANYONE to surf to that IP
address:port.

Otherwise, if this program is run from one specific computer, you could use
a src acl like:

    acl specialClient src 4.3.2.1/32
    acl specialAddress dst 1.2.3.4/32
    acl specialPort port 5678

Then above the http_access deny !password control, a line like:

    http_access allow specialClient CONNECT specialAddress specialPort

will allow that computer to CONNECT to that ip and port without
authentication, but will require any other computer to authenticate to reach
it.

Chris
Received on Wed May 11 2005 - 11:26:01 MDT
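
The rule ordering described in the second suggestion, as an added example that is not part of the original message and is not Squid code: a toy evaluator for http_access lines (ACLs on one line are ANDed, the first matching line decides), run over constructed requests to check which ones get through without credentials. Assumptions: `password` is modelled as a plain true/false flag and a failed check as a deny, `dst` is compared as a literal address, the closing `http_access allow all` line is a stand-in for the rest of the rule set, and the addresses 10.0.0.9 and 9.9.9.9 are constructed.

```python
# Added example: a toy model of Squid http_access matching, not Squid code.
from collections import namedtuple

# authed stands in for the proxy_auth acl named "password" in the thread.
Req = namedtuple("Req", "src dst port method authed")

# ACL names and addresses are the ones used in the reply.
ACLS = {
    "password":       lambda r: r.authed,
    "CONNECT":        lambda r: r.method == "CONNECT",
    "specialClient":  lambda r: r.src == "4.3.2.1",
    "specialAddress": lambda r: r.dst == "1.2.3.4",
    "specialPort":    lambda r: r.port == 5678,
    "all":            lambda r: True,
}

def parse(config):
    """Return [(action, [acl, ...])] for each http_access line, in order."""
    rules = [l.split() for l in config.splitlines()]
    return [(p[1], p[2:]) for p in rules if p and p[0] == "http_access"]

def decide(rules, req):
    """First line whose ACLs all match wins; a leading '!' negates an ACL."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

ALLOW_ABOVE = parse("""
http_access allow specialClient CONNECT specialAddress specialPort
http_access deny !password
# assumed stand-in for the rest of the rule set
http_access allow all
""")
ALLOW_BELOW = ALLOW_ABOVE[1:2] + ALLOW_ABOVE[0:1] + ALLOW_ABOVE[2:]

# Constructed requests, all without credentials.
SYNC   = Req("4.3.2.1", "1.2.3.4", 5678, "CONNECT", False)   # the sync program
OTHER  = Req("10.0.0.9", "1.2.3.4", 5678, "CONNECT", False)  # another client
TUNNEL = Req("4.3.2.1", "9.9.9.9", 443, "CONNECT", False)    # other destination

def unauthenticated_allowed(rules, requests):
    """Audit helper: which credential-less requests does the rule set admit?"""
    return [r for r in requests if not r.authed and decide(rules, r) == "allow"]

if __name__ == "__main__":
    for name, rules in (("above", ALLOW_ABOVE), ("below", ALLOW_BELOW)):
        print(name, unauthenticated_allowed(rules, [SYNC, OTHER, TUNNEL]))
```

With the allow line moved below the deny, the list comes back empty: the deny matches first and the exception is never reached.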