> I'm struggling quite a bit with transitioning from basic_ncsa_auth to
> I have some ports where only certain users (sometimes just one) are
> allowed to connect/pass the ACL check.
> I'm running Squid 3.28 on Ubuntu
> I have lines like this:
> acl userA proxy_auth_regex -i userA
> Which reads the htpasswd file and matches the user based on the regex.

That is technically wrong. When figuring out this type of problem the
That is an ACL which reads the HTTP request message for details and
matches true if it finds "usera" or any case-insensitive variation of that.
It has a prerequisite that the auth system has already authenticated
those credentials as valid. But the ACL itself does not do any of that.
As a result of that seemingly minor detail that ACL will happily
non-match when it should match if the access control using it is a
'fast' category control. Correlated with that it may also wrongly match
if the ACL is configured in a '!' modifier.
What else have you configured? This line *cannot* be the one allowing
other users to that port, nor this user to other ports. Some other line
or combination of lines is doing that.

> And that for multiple Ports.
> I now want to transition to basic_db_auth and got it up and running, but
> the problem is that the above does not work anymore. All authed users
> can now connect to every port.

That implies something in your access controls changed. The few you have
mentioned do not show anything related to the problem.
OR, maybe you set the DB helper to return OK for users unrelated to the
actual HTTP request client. You have omitted those details too.

> UserA can use Port 3201,3202,3206 for connecting to the proxy
> UserB can't use these and only can use 3315
> What is the best/cleanest way to regain the above functionality?

Cleanest way is to:
1) revert to the old config file. check that it still works.
2) check that the new SQL DB contents match the NCSA htpasswd entries.
3) change only the auth_param "program" line setting which helper is
used. Nothing else, not even other auth_param lines should be touched (yet).
4) check that the proxy behaviour has not changed in regards to who is
getting to what.
- if there is a change then your parameters to the DB helper need fixing.
- otherwise problem stated above is solved and you can move on to other
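
One way to carry out step 2 of the procedure above, as an added example that is not part of the original message or of Squid itself: it compares the htpasswd entries against the database rows and reports every difference. The table name `passwd` and the columns `user`, `password` and `enabled` are an assumed schema, `sqlite3` stands in for the real SQL server, and all sample entries are constructed.

```python
import sqlite3

# Constructed sample data: an NCSA htpasswd file and the rows loaded into the
# new database. The hashes are placeholders, not real password hashes.
HTPASSWD = """\
# migrated accounts
userA:$apr1$constructed$hashA
userB:$apr1$constructed$hashB
userC:$apr1$constructed$hashC
userE:$apr1$constructed$hashE
"""
DB_ROWS = [  # (user, password, enabled) in the assumed schema
    ("userA", "$apr1$constructed$hashA", 1),
    ("userB", "$apr1$constructed$CHANGED", 1),
    ("userC", "$apr1$constructed$hashC", 0),
    ("userD", "$apr1$constructed$hashD", 1),
]

def parse_htpasswd(text):
    """Return {user: hash} from htpasswd text, skipping blanks and comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, pw_hash = line.partition(":")
        entries[user] = pw_hash
    return entries

def load_db(conn):
    """Return {user: (hash, enabled)} from the assumed passwd table."""
    cur = conn.execute('SELECT "user", password, enabled FROM passwd')
    return {u: (p, bool(e)) for u, p, e in cur}

def compare(ht, db):
    """Classify every difference between the htpasswd file and the DB."""
    both = [u for u in ht if u in db]
    return {
        "missing_in_db": sorted(set(ht) - set(db)),
        "extra_in_db": sorted(set(db) - set(ht)),
        "disabled_in_db": sorted(u for u in both if not db[u][1]),
        # Only meaningful when the hashes were copied across unchanged.
        "hash_differs": sorted(u for u in both if db[u][0] != ht[u]),
    }

def demo():
    conn = sqlite3.connect(":memory:")  # stand-in for the real SQL server
    conn.execute('CREATE TABLE passwd ("user" TEXT PRIMARY KEY, password TEXT, enabled INTEGER)')
    conn.executemany("INSERT INTO passwd VALUES (?, ?, ?)", DB_ROWS)
    return compare(parse_htpasswd(HTPASSWD), load_db(conn))
```

All four lists coming back empty means the two credential stores agree, so any behaviour change seen in step 4 comes from the helper parameters or the access controls rather than from the data.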