[squid-users] proxy_auth and http_access deny rules

From: Brian J. Murrell <brian@dont-contact.us>
Date: Wed, 28 Feb 2007 18:40:11 -0500

I'm trying to set up rules that limit particular people to particular
time windows of use. So I have this:

acl brian proxy_auth brian
acl alice proxy_auth alice
acl wkday-22-12 time MTWTF 22:00-23:59
acl wkday-12-15 time MTWTF 00:00-15:00
acl no_auth_sites foo.bar.com domain.org

and then have some http_access rules:

http_access deny alice wkday-12-15
http_access deny alice wkday-22-12
http_access allow no_auth_sites

But it seems that I am getting a 407 trying to access foo.bar.com. If I
move the "http_access allow no_auth_sites" before the lines for alice,
I'm not required to authenticate.

This does make sense I guess, since it wants to see if I am alice to
decide if I should be prohibited.

So I guess the question is, how can I write a set of rules that:
      * allow access to some sites without authentication[1]
      * prohibit access to everything if a particular user is trying to
        access outside of allowed times and
      * require proxy authentication for everything else

Moving the "no_auth_sites" rules above the "alice" rules is not an
option because that would violate the second requirement.

Upon review of my three points, it doesn't seem possible, but I wonder
if I am missing something.

Thanx,
b.

[1] i.e. for computer maintenance -- where computers don't have accounts
for proxy access -- or worse, applications that don't support proxy
authentication)

-- 
My other computer is your Microsoft Windows server.
Brian J. Murrell

Received on Wed Feb 28 2007 - 16:40:20 MST

This archive was generated by hypermail pre-2.1.9 : Thu Mar 01 2007 - 12:00:01 MST