Hegedus, Ervin wrote: > i use a Squid 2.5S6, with external_acl_helper: ip_user. > here is the relevant part of config:
> external_acl_type SRC_IP %SRC %LOGIN > /usr/local/squid/libexec/ip_user_check -f > /usr/local/squid/libexec/ip_user_check.conf ... acl srcip external SRC_IP > acl password proxy_auth REQUIRED > http_access allow password > http_access allow srcip > > and content of ip_usr_check.conf: > 0.0.0.0/0.0.0.0 NONE > 192.168.0.3/255.255.255.255 airween > and i come from 192.168.0.2 - but Squid allow to browse. > the auth pop-up comes, and check the correct user/password pair, > but looks like up_user_check doesn't works this setting. You've misconfigured your http_access lines. The "http_access allow password" line triggers the authentication popup, and then allows the connection once the username and password are verified. The srcip acl is never checked. This is explained in the Access Controls FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-10.html To correct this, simply remove the "http_access allow password" line. Since the srcip acl requires the username (with the %LOGIN parameter), Squid will still require authentication before checking that acl. You can take out the password acl, also. Adam
