The advice that I gave to Jay came from this FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-15.html
The specific recommendation there is:

    acl foo ident REQUIRED
    http_access allow foo

My personal implementation is:

    acl identhosts ident REQUIRED
    http_access allow identhosts

(I'm not big into foo.)

And my last http_access line was already:

    http_access deny all

In my case, this eliminates the problem by requiring squid to have the ident before proceeding, even if that means delaying the http request while waiting on the ident.

While I was using the squid debug switches (mentioned in previous posts) I discovered that I was being granted access to squid under a different ACL than I expected (as a result of an error I made 18 months ago!). So, my previous testing of ident REQUIRED (a good while back) wasn't really testing it at all.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jay Turner
> Sent: Sunday, October 06, 2002 8:53 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Ident
>
>
> I too made the changes below and after about 20 minutes of testing, it
> appears to be working correctly.
> Could someone briefly explain why this works? I'm having some trouble
> understanding how this "fixes" the problem.
>
> As I read it, this rule would be denying any non-null ident requests. Isn't
> that the opposite of what we want?
> # use REQUIRED to accept any non-null ident.
>
> Thanks to everyone for their feedback
>
> Regards
> Jay
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Neil Watson
> Sent: Saturday, 5 October 2002 9:18 PM
> To: [EMAIL PROTECTED]
> Subject: Ident
>
>
> Hello all,
>
> Following Rick's advice, I added these lines to my squid.conf file:
>
>     acl do_ident ident REQUIRED
>     acl none src 0.0.0.0/32
>     http_access deny do_ident none
>
> It seems to be working. As I continue to test I'll keep you posted.
>
> Special thanks to Rick for his tenaciousness.
>
> --
> Neil Watson
> Network Administrator
> watson-wilson.ca
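The rule orderings discussed in this thread, as an added example that is not part of the original messages and is not Squid code: a simplified Python model of http_access processing showing when the ident ACL is actually tested. It assumes lines are checked top to bottom, ACLs on one line are ANDed left to right, and the first fully matching line decides; the `localnet` ACL, the sample address and the function names are hypothetical.

```python
# Simplified model of Squid http_access processing, for illustration only.
# Assumptions: lines are checked top to bottom, the ACLs on one line are ANDed
# left to right, and the first line whose ACLs all match decides the request.

def ident_required(req):
    req["ident_looked_up"] = True      # testing an ident ACL forces the lookup
    return bool(req["ident"])          # REQUIRED matches any non-empty ident

ACLS = {
    "all": lambda req: True,
    "localnet": lambda req: req["src"].startswith("192.0.2."),  # hypothetical ACL
    "none": lambda req: False,         # src 0.0.0.0/32 matches no real client
    "identhosts": ident_required,
    "do_ident": ident_required,
}

def evaluate(rules, src, ident):
    """Return (action, deciding line, whether an ident lookup happened)."""
    req = {"src": src, "ident": ident, "ident_looked_up": False}
    for action, names in rules:
        if all(ACLS[name](req) for name in names):   # stops at first failing ACL
            line = "http_access %s %s" % (action, " ".join(names))
            return action, line, req["ident_looked_up"]
    raise ValueError("rule list must end with a catch-all such as 'deny all'")

# An earlier allow line decides first, so the ident ACL is never tested.
MASKED = [("allow", ["localnet"]), ("allow", ["identhosts"]), ("deny", ["all"])]
# The FAQ form from the thread: ident is the only way in.
FAQ = [("allow", ["identhosts"]), ("deny", ["all"])]
# Neil's form, followed by a hypothetical allow line: the lookup is forced,
# but the deny can never match because "none" is always false.
FORCED = [("deny", ["do_ident", "none"]), ("allow", ["localnet"]), ("deny", ["all"])]

if __name__ == "__main__":
    client = "192.0.2.10"              # constructed sample address
    for label, rules in (("masked", MASKED), ("faq", FAQ), ("forced", FORCED)):
        for ident in ("", "jay"):      # "" = client returned no ident
            print(label, repr(ident), evaluate(rules, client, ident))
```

When auditing a real squid.conf, the deciding line is the thing to confirm: a test of an ident rule only means something if the request actually reaches that line.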
