On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo <hackens...@gmail.com> wrote:

> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
>
Since the rules are "first match", once you have "allow auth", Squid is
done. It will not look at the group membership (under "kerbusers").

You should look at the acl type "all-of" and "any-of" to build your logic:
acl authn_authz all-of auth kerbusers

might be helpful and would make your config slightly easier to read...

With that in mind, reconsider how you organize the rules...

Jok
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
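
The first-match behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of http_access evaluation, run over the quoted rule list (it ignores authentication challenges and how each ACL is actually tested). The REORDERED list and the parse/acl_true/decide/reachable helpers are assumptions made for illustration, taking the intent to be that only authenticated members of kerbusers get through.

```python
from itertools import combinations

# The http_access list quoted in the thread, in its original order.
ORIGINAL = """\
http_access allow manager localhost
http_access allow auth
http_access deny !auth
http_access allow kerbusers
http_access allow localnet
http_access deny manager
http_access deny all
"""
# Assumed reordering (not from the thread): only authenticated kerbusers members pass.
REORDERED = """\
acl authn_authz all-of auth kerbusers
http_access allow manager localhost
http_access deny manager
http_access allow authn_authz
http_access deny all
"""

def parse(conf):
    groups, rules = {}, []
    for tok in (line.split() for line in conf.splitlines() if line.strip()):
        if tok[0] == "acl" and tok[2] == "all-of":
            groups[tok[1]] = tok[3:]        # all-of: true only if every member is true
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return groups, rules

def acl_true(name, facts, groups):
    if name in groups:
        return all(acl_true(m, facts, groups) for m in groups[name])
    return name == "all" or name in facts   # facts: ACL names this request matches

def decide(conf, facts):
    groups, rules = parse(conf)
    for n, (action, acls) in enumerate(rules, 1):
        # ACLs on one line are ANDed; a leading '!' negates that ACL.
        if all(acl_true(a.lstrip("!"), facts, groups) != a.startswith("!") for a in acls):
            return action, n                # first matching line wins
    return ("deny" if rules[-1][0] == "allow" else "allow"), None  # opposite of last line

def reachable(conf, names=("manager", "localhost", "auth", "kerbusers", "localnet")):
    subsets = (set(c) for r in range(len(names) + 1) for c in combinations(names, r))
    return sorted({decide(conf, s)[1] for s in subsets})  # lines that ever decide

outsider = {"auth", "localnet"}             # constructed: authenticated, not in kerbusers
print(decide(ORIGINAL, outsider), decide(REORDERED, outsider))
print(reachable(ORIGINAL), reachable(REORDERED))
```

In the original order only the first three http_access lines can ever decide a request, so the kerbusers, localnet and "deny manager" lines are never consulted.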
