Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid 2.5pre7

>From: Henrik Nordström <hno@squid-cache.org>
>To: "Marco Berizzi" <pupilla@hotmail.com>
>CC: squid-users@squid-cache.org
>Subject: Re: [squid-users] acl max_user_ip / authenticate_ip_ttl in squid
>2.5pre7
>Date: Thu, 13 Jun 2002 19:00:32 +0200
>
>Marco Berizzi wrote:
>
> > Here is:
> >
> > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET http://www.cert.org/
> > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > 172.16.1.116 - - [13/Jun/2002:14:20:01 +0200] "GET http://www.cert.org/
> > HTTP/1.0" 407 1358 TCP_DENIED:NONE
> > 172.16.1.116 - aive\mberizzi [13/Jun/2002:14:20:01 +0200] "GET
> > http://www.cert.org/ HTTP/1.0" 403 1012 TCP_DENIED:NONE
>
>So the logging of the username did work, and we should remove that message
>from cache.log.
>
> > then I have clicked on the refresh button:
>[... allowed]
>
>Which shows that the functionality similar to that of
>"authenticate_ip_ttl_is_strict off".
>
>Checking in the source I see that there is a undocumented option to make
>max_user_ip strict. Try specifying -s before the number of allowed IP
>addresses.
>
> acl concurrent_browsing max_user_ip -s 1

My squid.conf now:

...
acl concurrent_browsing max_user_ip -s 10 ***(YES TEN)***
http_access deny concurrent_browsing
...

I can't browse from any wks now :-[
Now cache.log is always reporting:

XXX aclMatchUserMaxIP returned 0, somebody bla bla bla

PS: I have also tried to disable authenticate_ip_ttl,
but nothing has been changed. I have tested for both
NTLM and basic auth. Same behaviuor for both schema.

Any other idea?

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Received on Fri Jun 14 2002 - 03:10:29 MDT