[squid-users] Policy with multiple ACL calls

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 25 21:20:22 UTC 2026

Previous message (by thread): [squid-users] Policy with multiple ACL calls
Next message (by thread): [squid-users] Policy with multiple ACL calls
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26/03/2026 02:29, Andrey K wrote:
> 
> Hello, Amos,
> 
> Thank you so much for such a detailed answer.
> 
>  > >  > >  http_access allow is_bank user1 all
>  > >  > >
>  > >  > >  ssl_bump splice    is_bank user1 all
>  > >
>  > > I thought that re-authentication only occurs during a deny action 
> within
>  > > http_access directives when the final ACL is authentication-based. If
>  > > so, the "all ACL" hack should only be applied to those specific rules,
>  > > correct?
>  >
>  > The authentication is still re-checked by Squid on every ACL test.
>  > There are a login cache, and helper result cache preventing the client
>  > agent and user being bothered by this frequent re-test.
>  >
>  > However, if either of those cached entries expire, then the auth system
>  > gets involved again immediately regardless of previous check results.
> 
> I am sorry, but I still don’t quite understand why we should use "all- 
> hack" at the end of "http_access allow auth-acl" rules.

Sorry, just me being dumb and treating them like "deny" lines.
The "all" is indeed irrelevant on "allow" lines.

Cheers
Amos

Previous message (by thread): [squid-users] Policy with multiple ACL calls
Next message (by thread): [squid-users] Policy with multiple ACL calls
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the squid-users mailing list