On 31/05/11 22:22, Vipul Gupta wrote:
> Hello All,
>
> I am a newbie here. I am creating two ACLs, one for hosts and another
> with users. The config is given below
>
> acl AuthUser proxy_auth REQUIRED
> acl allowedHost src "/etc/squid/guard/privileged/testRule-ip"
> acl allowedUser proxy_auth "/etc/squid/guard/privileged/testRule-user"
> acl max_con maxconn 50
> http_access deny allowedHost allowedUser max_con
> deny_info ERR_TOOMANY_CONN allowedHost allowedUser max_con

deny_info takes *one* name for the ACL whose deny match will display it.

> http_reply_access allow allowedHost allowedUser
> http_access allow allowedHost allowedUser

Those two lines do the same thing. You do not need to check the reply if
the request is already validated the same.

> http_access allow AuthRequred
> http_reply_access allow all
> http_access deny all
>
> The values of the ACLs are:
> allowedHost: 10.10.100.10, 10.10.100.20
> allowedUser: test1, test2
>
> Everything else is blocked. The problem is I want only allowedUser to
> access internet from allowedHost, but I am able to access internet
> from other hosts also using same user names.

Due to "http_access allow AuthRequred" - anyone who can login is allowed.

Use this:

  deny_info ERR_TOOMANY_CONN max_con
  http_access deny !allowedHost
  http_access deny max_con
  http_access deny !AuthRequred
  http_access allow allowedUser
  http_access deny all

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.8 and 3.1.12.2
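
The rule ordering discussed above, as an added example that is not part of the original thread or of Squid itself: a small Python model of first-match http_access evaluation that runs the posted rules and the suggested replacement against constructed requests. The account "other", the address 192.0.2.77 and the connection counts are assumptions made for the illustration.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Lines are tried top to bottom; every ACL on a line must match (AND); "!" negates;
# the first matching line decides. Assumes the client already sent credentials.
ALLOWED_HOSTS = {"10.10.100.10", "10.10.100.20"}  # allowedHost values from the post
ALLOWED_USERS = {"test1", "test2"}                # allowedUser values from the post
KNOWN_USERS = ALLOWED_USERS | {"other"}           # constructed: any account that can log in

ACLS = {
    "allowedHost": lambda r: r["src"] in ALLOWED_HOSTS,
    "allowedUser": lambda r: r["user"] in ALLOWED_USERS,
    "AuthRequred": lambda r: r["user"] in KNOWN_USERS,  # proxy_auth REQUIRED
    "max_con": lambda r: r["conns"] > 50,               # maxconn 50
    "all": lambda r: True,
}

ORIGINAL = """
http_access deny allowedHost allowedUser max_con
http_access allow allowedHost allowedUser
http_access allow AuthRequred
http_access deny all
"""
CORRECTED = """
http_access deny !allowedHost
http_access deny max_con
http_access deny !AuthRequred
http_access allow allowedUser
http_access deny all
"""

def decide(rules, request):
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action
    raise AssertionError("unreachable: both rule sets end with 'deny all'")

REQUESTS = [  # constructed sample requests
    {"src": "10.10.100.10", "user": "test1", "conns": 3},   # allowed user, allowed host
    {"src": "192.0.2.77", "user": "test1", "conns": 3},     # allowed user, other host
    {"src": "10.10.100.20", "user": "other", "conns": 3},   # other user, allowed host
    {"src": "10.10.100.10", "user": "test1", "conns": 60},  # over the connection limit
]

def compare():
    return [(decide(ORIGINAL, r), decide(CORRECTED, r)) for r in REQUESTS]

if __name__ == "__main__":
    for req, (old, new) in zip(REQUESTS, compare()):
        print(req, "original:", old, "corrected:", new)
```

The second and third requests are the ones the original rules let through via the "allow AuthRequred" line; with the replacement rules they are denied by "deny !allowedHost" and the final "deny all" respectively.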