Try this # Deny everyone but our own network http_access deny !mynetwork
# Allow access to authenticated users http_access allow domainusers # And finally deny everything else to be on the safe side http_access deny all You can also try http_access allow mynetwork domainusers Whichever approach suits you best.. Regards Henrik On Friday 24 January 2003 19.32, Bob Avery-Babel wrote: > I'm having a hard time composing acls that work. I'm hoping someone > can help. Thanks for the previous tips, I am a little further. :-) > > I set up smb_auth to track connections by user name. That works > very well. squid prompts for a username and password. > > The problem is, that I can configure an external browser outside of > the network to use the proxy and I get a username and password > prompt there as well. > > I'm trying to figure out how to only have authentication be > available to users inside my network. > > Here are the acls I have now: > > acl domainusers proxy_auth REQUIRED > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl mynetwork src 192.168.0.0/24 > acl workmachine src 207.xxx.xxx.xxx > > http_access allow localhost > http_access allow mynetwork > http_access allow domainusers !workmachine > #http_access allow workmachine > http_access deny all > > So with the above ruleset I can access the authentication prompt > from every outside IP except my workstation which is outside of the > network. :-) > > Is there any acl that I could put in that would mention the > "outside network" and then make a line like this: > > http_access allow domainusers !outsidenetwork > > I thought I could add more restrictions to the group domainusers > but these lines didn't take when I tried to restart squid: > > acl domainusers src 192.168.0.0/24 #local network > acl domainusers src 207.xxx.xxx.xxx #my work machine, > external to the network > > I know I could block external requests to port 3128 but I'd like to > be able to figure it out from within squid. > > Thanks all! > > Bob
