Squid problem with "Allow users on interface" check box



  • version 1.01
    squid version 2.5.14_2-p7
    This code (or something related) in squid.inc is not working right for the "Allow users on interface" check box:

    // Allow the remaining ACLs if no authentication is set
            if ($auth_method == 'none') {
                    $allowed = array('localnet', 'allowed_subnets');
                    $allowed = array_filter($allowed, 'squid_is_valid_acl');
                    foreach ($allowed as $acl)
                            $conf .= "http_access allow $acl\n";

    allowed_subnets works just fine…...

    Checked or uncheck, you always get the "http_access allow localnet" in the squid.conf

    The "acl localnet src  10.177.0.0/255.255.0.0" is added and deleted properly with the check box.

    If you have an http_access rule with no acl, squid gets cranky.

    Why not just leave the box checked? Because I want to control access
    with the whitelist and CIDR ranges with allowed (local) subnets.

    Update: I just figured out, if you uncheck the box and click the save button twice,
    "http_access allow localnet" is removed from squid.conf.

    This is still a problem because most users will uncheck the box and only click save once, and that breaks squid.


Log in to reply