Squid problem with "Allow users on interface" check box

dmiller

version 1.01
squid version 2.5.14_2-p7
This code (or something related) in squid.inc is not working right for the "Allow users on interface" check box:

// Allow the remaining ACLs if no authentication is set
        if ($auth_method == 'none') {
                $allowed = array('localnet', 'allowed_subnets');
                $allowed = array_filter($allowed, 'squid_is_valid_acl');
                foreach ($allowed as $acl)
                        $conf .= "http_access allow $acl\n";

allowed_subnets works just fine…...

Checked or uncheck, you always get the "http_access allow localnet" in the squid.conf

The "acl localnet src  10.177.0.0/255.255.0.0" is added and deleted properly with the check box.

If you have an http_access rule with no acl, squid gets cranky.

Why not just leave the box checked? Because I want to control access
with the whitelist and CIDR ranges with allowed (local) subnets.

Update: I just figured out, if you uncheck the box and click the save button twice,
"http_access allow localnet" is removed from squid.conf.

This is still a problem because most users will uncheck the box and only click save once, and that breaks squid.