[squid-users] Block a web just for a group inside another group, or how?
Amos Jeffries
squid3 at treenet.co.nz
Mon Dec 4 23:16:43 UTC 2017
On 05/12/17 11:59, erdosain9 wrote:
> But, that's exactly the problem.
>
> Thats what i do.
> I do a have this large group
> i-full
> and a small group with a few users from i-full, the small group is called
> i-restringidos.
>
> And put i-restringidos in the top... (as you can see in my config file)
>
> But, is not working. They can go trough the web i try to block.
> If i delete the user from i-full, then yes, works... (the users then is just
> in i-restringidos).
>
So lets look at your config. These are the relevant lines:
> http_access allow sin_autenticacion
> http_access allow i-restringidos !restringidos
> http_access allow i-limitado !dominios_denegados
> http_access allow i-full !dominios_denegados
> http_access allow localhost
The first thing you do is ALLOW for anyone who can login. End of story.
Nothing more to check, they are allowed.
*otherwise* ... (for clients who are not authenticated) their group
i-restringidos is checked. Group for a not-authenticated client is
impossible. Go to next line.
*otherwise* ... group i-limitado is checked. Group for a
not-authenticated client is impossible. Go to next line.
*otherwise* ... group i-full is checked. Group for a not-authenticated
client is impossible. Go to next line.
*otherwise* ALLOW if the client is on localhost.
Do you understand what is going wrong there?
Amos
More information about the squid-users
mailing list