[squid-users] Squid 3.4.8 helpers doesn't work how I want !

Jok Thuau jok at spikes.com
Mon Apr 25 15:28:41 UTC 2016


On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo <hackensolo at gmail.com> wrote:

> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
>
Since the rules are "first match", once you have "allow auth", squid is
done. it will not look at the group membership (under "kerbusers").

you should look at the acl type "all-of" and "any-of" to build your logic:
acl authn_authz all-of auth kerbusers

might be helpful and would make your config slightly easier to read...

With that in mind, reconsider how you organize the rules...

Jok
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160425/9a9ce3f5/attachment.html>


More information about the squid-users mailing list