On Thu, 19 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
KIOSK is an acl that list what ip can use that acl and KIOSK.dstdomain list what sites KIOSK can get to and it seems to work good. I did remove http_access deny KIOSK but when I tried to combine the two statements that I think I need,
Then you should use
http_access allow KIOSK KIOSK.dstdomain http_access deny KIOSK
That did not work the users in KIOSK can no longer access sites listed at KIOSK.dstdomain which is the goal.
Then something is wrong with either of these two acls.
http_access allow A http_access allow B
is very different from
http_access allow A B
The first allows access if either of the criterias is fulfilled. The second allows access only if both criterias is fulfilled. And this is one of many things of Squid access controls is what we try to explain in the Squid FAQ chapter 10 introduction.
But the source of your authentication problem is most likely my last comment. Somewhere you need to allow the request before it is denied, and denying some stuff just before you deny all access does not make much sense does it?
Regards Henrik
