This is a discussion on Re: [squid-users] Tag: deny_info question - squid ; On Wed, 25 Feb 2004, OTR Comm wrote: > Hello, > > > deny_info uses the last acl on the http_access line denying access, so by > > defining "dummy" acls which always matches you can have detailed control > ...
On Wed, 25 Feb 2004, OTR Comm wrote:
> Hello,
>
> > deny_info uses the last acl on the http_access line denying access, so by
> > defining "dummy" acls which always matches you can have detailed control
> > per http_access line which deny_info message is used.
>
> Can you give me an example of a "dummy" acl that always matches?
acl somename src 0.0.0.0/0
> http_access allow password
>
> http_access deny ADVERTISE
>
> http_access allow our_networks
In the above only the first http_access directive will ever be used.
Un-authenticated users will be prompted for authentication, and all
authenticated users are allowed access, so the following http_access
directives will never be reached.
I think you want somehting like this:
http_access deny ADVERTISE
http_access allow our_networks password
http_access deny all
or maybe
http_access deny !our_networks
http_access deny ADVERTISE
http_access allow password
http_access deny all
As for when/how to use deny_info this depends on what you want to
accomplish.
Regards
Henrik
