> Rick Matthews wrote:
>
>
> I don't like using the default acl for my users. I'd much rather
> identify my users and deal with them as a source group(s), and leave
> the default acl for the people I don't know. That always seems to
> work better.
>
>
> default {
> pass none
> redirect http://10.8.16.7/no-access-allowed.html
> log blocked.log
> }
>
>
I've looked at implementing this suggestion and like some of what it
would allow me to do. The problem I've run into is that the squid
cachemgr.cgi will no longer run correctly with the default acl set to
pass none. The cgi comes and I can authenticate but I don't see the list
of items I should see from the cachemgr.cgi script.
Here is my default acl. The cgi works as it sits now. If I comment out
the first pass statement and uncomment 'pass none' cachemgr.cgi dies.
default {
pass !local-block local-ok !ads !aggressive !drugs
!gambling !hacking !porn !violence !warez all
#pass none
redirect
http://192.168.189.9/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
}
Why would I be hitting the default acl anyway? I'm accessing the
cachemgr from a machine this is in a subnet covered by another acl. It
seems like it must be because the cgi script itself is doing the access
to get the information and is seen as making the access not from the
subnet of my client but rather the subnet of the squid box (or not?)?
I've tried putting the subnet (and even the host) for the squid box in
another acl and once tried a no_cache directive for the squid box in
squid.conf to no avail. I'm missing something here.
Any ideas?
--
Mike Rambo
[EMAIL PROTECTED]
Evolution (n): A hypothetical process whereby infinitely improbable events occur
with alarming frequency, order arises from chaos, and no one is given credit.
