[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 7:14 AM
Subject: [squid-users] Problems with ACL max_user_ip
on squid2.5 stable3
good day. I want to discourage users from sharing
their passwords (or logging in from from more than
one
PC) so I use the max_user_ip -s
i am using authenticate_ip_ttl 20 minutes
and max_user_ip -s 1 but the problem persists.
what could be wrong?
The items you include from your squid.conf look good
(though a little over-complex). Could you post your
entire squid.conf (minus comments, of course)?
Adam
---
Outgoing mail is
here is my squid configuration -
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /usr/cache 100 16 256
debug_options ALL,1 33,2
auth_param ntlm program /etc/squid3/libexec/ntlm_auth
hq/dc01
auth_param ntlm children 3
auth_param ntlm
I would recommend you rewrite this section:
acl me src 192.168.0.0/24
http_access deny !me
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
acl onlyonce max_user_ip 1
http_access deny onlyonce
http_access allow authenticated
http_access deny all
to this:
[other acl lines]
tor 2003-07-10 klockan 16.02 skrev Adam Aube:
This makes your squid.conf easier to read and a
little more efficient. However, I do not see any
reason why you are having the problem you report.
I am of the opposite opiniton. I find it easier to read rules where acl
lines only relevant to one
curiously, if i login as domainname\username on both
machines, it works perfectly i.e i can only login as a
username from one machine, the other is denied but by
default, Windows shows the username as
machine\username and on supplying same password, squid
allows a login (i.e domainname\username
good day. I want to discourage users from sharing
their passwords (or logging in from from more than one
PC) so I use the max_user_ip -s ACL; and
in this configuration on squid-2.5-stable3-
acl me src 192.168.0.0/24
http_access deny !me
acl authenticated proxy_auth REQUIRED
http_access deny