[squid-users] Squid 3.4.8 helpers doesn't work how I want !
Amos Jeffries
squid3 at treenet.co.nz
Mon Apr 25 18:08:51 UTC 2016
On 26/04/2016 3:28 a.m., Jok Thuau wrote:
> On Mon, Apr 25, 2016 at 7:33 AM, Hack Ensolo wrote:
>
>> ### http_access rules
>> http_access allow manager localhost
>> http_access allow auth
>> http_access deny !auth
>> http_access allow kerbusers
>> http_access allow localnet
>> http_access deny manager
>> http_access deny all
>>
>>
> Since the rules are "first match", once you have "allow auth", squid is
> done. it will not look at the group membership (under "kerbusers").
>
> you should look at the acl type "all-of" and "any-of" to build your logic:
> acl authn_authz all-of auth kerbusers
>
> might be helpful and would make your config slightly easier to read...
I this simple case it will just make it a bit more confusing. Especially
since the admin is clearly not understanding the basics properly yet.
It also slows down Squid with additional authentication checks compared
to the config he does need.
>
> With that in mind, reconsider how you organize the rules...
>
Seconded. <http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes>
Amos
More information about the squid-users
mailing list