RE: [squid-users] Acl max_user_ip strange behavior? from M J on 2004-04-03 (squid-users)

From: M J <mjardeli@dont-contact.us>
Date: Sat, 03 Apr 2004 09:52:17 -0300

All just one question,
I had one acl that some URLs can be accessed without authentication, but
when I put this acl before the acl max_user_ip users can go through without
authentication but if I put it after squid just ignore acl and ask for
authentication. Is that behavior right ?

Users dont need to authenticate

acl whitelist url_regex -i "/usr/local/squid/etc/acls/whitelist"
acl ip_unico max_user_ip -s 1
http_access allow whitelist
http_access deny ip_unico
http_access allow !deny_range !blacklist !download ldapauth

Users do need to authenticate

acl whitelist url_regex -i "/usr/local/squid/etc/acls/whitelist"
acl ip_unico max_user_ip -s 1
http_access deny ip_unico
http_access allow whitelist
http_access allow !deny_range !blacklist !download ldapauth

Brgds,

>From: "M J" <mjardeli@hotmail.com>
>To: squid-users@squid-cache.org
>Subject: RE: [squid-users] Acl max_user_ip
>Date: Fri, 02 Apr 2004 14:54:26 -0300
>
>Using in this way it is working fine. Sorry for bothering,
>
>authenticate_ttl 3 hour
>authenticate_ip_ttl 60 seconds
>
>acl ip_unico max_user_ip -s 1
>
>http_access deny ip_unico
>http_access allow !deny_range !blacklist !download ldapauthentication
>
>Brgds,
>
>>From: "M J" <mjardeli@hotmail.com>
>>To: squid-users@squid-cache.org
>>Subject: [squid-users] Acl max_user_ip Date: Fri, 02 Apr 2004 12:31:54
>>-0300
>>
>>Hi I´m trying to use max_user_ip acl but I am doing something wrong,
>>because I had implemented it and tried to use the proxy from different ip.
>>Well exactly after I use from my machine the different ip is denied, great
>>this is what I need. Then I waited 300 seconds to try it again and I just
>>can´t.
>>Only from the first machine I can access even after waiting the
>>authenticate_ip_ttl time.
>>
>>Here follow the the conf lines related to the problem (at least i think)
>>
>>authenticate_ttl 3 hour
>>authenticate_ip_ttl 60 seconds
>>
>>acl ip_unico max_user_ip -s 1
>>
>>http_access allow !deny_range !blacklist !download ip_unico
>>ldapauthentication
>>
>>squid -v
>>Squid Cache: Version 2.5.STABLE5-20040318
>>configure options: --enable-removal-policies=heap
>>--enable-storeio=diskd,ufs --enable-default-err-language=English
>>'--enable-err-languages=English Portuguese'
>>--enable-basic-auth-helpers=LDAP
>>
>>When I put
>>acl ip_unico max_user_ip -s 0
>>I can use from both machines at same time
>>Many thanks in advance for your help,
>>
>>PS .: is the measurement time "seconds" right ?
>>
>>_________________________________________________________________
>>MSN Messenger: converse com os seus amigos online.
>>http://messenger.msn.com.br
>>
>
>_________________________________________________________________
>MSN Messenger: converse com os seus amigos online.
>http://messenger.msn.com.br
>

_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil. http://www.hotmail.com
Received on Sat Apr 03 2004 - 05:52:22 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:01 MDT