> 
> > Well, I tried the following :
> > acl USER-ok CN surname.name
> > acl USER-ko CN ko1.ko1
> > http_access allow USER-ok
> > http_access deny USER-ko
> >
> > Both users can still browse.
> > Anything I forgot?
> 
> 
> The acl statements are not using correct syntax. Should be
> 
> acl USER-ok user_cert CN surname.name
> acl USER-ko user_cert CN ko1.ko1
> 
> but I assume this is just a typo in your message. Please use
> "squid -k parse" to verify the syntax of your configuration.

It was just a typo in my message. 

> 
> The example above should work in principle, but does not really deny other
> users access. All this says is that the user surname.name is allowed and
> the user ko1.ko1 is not. Other users (or users who selected not to present
> a certificate) are not matched by these two rules.

Well, typically, the user ko1 can access the site. So, I think the rule is
not taken into account.

> 
> Make sure there are no other http_access rules before this allowing access,
> and that you do not allow access without a certificate.
> 
> Please try
> 
> http_access allow USER-ok
> http_access deny USER-ko
> http_access deny all

I tried it and now everybody is denied. 

HELP !!

> 
> 
> It may also be worth mentioning that this feature of the SSL update patch
> is not very well tested as the customer who ordered this feature backed
> out just before delivery but MARA Systems selected to publish these
> additions to the SSL support regardless. I do remember it passing at least
> the basic tests and also have some memory of someone else actually using
> this successfully.
> 
> Regards
> Henrik
> 
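
An added illustration, not part of the original thread and not Squid's own code: a simplified Python model of how Squid walks http_access rules (first match wins; if nothing matches, the result is the opposite of the last rule), applied to the two rule sets discussed above. It assumes user_cert CN is an exact string comparison and that a client presenting no certificate matches no user_cert ACL; the function names and the sample clients are hypothetical.

```python
# Added illustration (not Squid source): simplified http_access evaluation.
# Assumptions: user_cert CN is an exact string match; a client that presents
# no certificate matches no user_cert ACL; "all" matches every request.

def evaluate(rules, acls, client_cn):
    """Return "allow" or "deny" for one client.

    rules     -- ordered list of (action, acl_name), as written in squid.conf
    acls      -- acl_name -> set of CN values (models "acl X user_cert CN ...")
    client_cn -- CN from the client certificate, or None if none was presented
    """
    if not rules:
        raise ValueError("model needs at least one http_access rule")
    for action, name in rules:
        if name == "all":
            return action
        if client_cn is not None and client_cn in acls.get(name, set()):
            return action  # first matching rule wins
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules[-1][0] == "deny" else "deny"


ACLS = {"USER-ok": {"surname.name"}, "USER-ko": {"ko1.ko1"}}
TWO_RULES = [("allow", "USER-ok"), ("deny", "USER-ko")]
WITH_DENY_ALL = TWO_RULES + [("deny", "all")]
# Constructed sample clients; None stands for "no certificate presented".
CLIENTS = ["surname.name", "ko1.ko1", "someone.else", None]


def decision_table(rules):
    """Map each sample client to the verdict the rule set gives it."""
    return {cn: evaluate(rules, ACLS, cn) for cn in CLIENTS}


if __name__ == "__main__":
    for label, rules in (("two rules", TWO_RULES),
                         ("with deny all", WITH_DENY_ALL)):
        print(label)
        for cn, verdict in decision_table(rules).items():
            print(f"  {cn!s:14} -> {verdict}")
```

In the two-rule set, a client that matches neither ACL falls through to the implicit default, so the trailing `deny all` is what changes the verdict for unknown users and for clients without a certificate.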
