[squid-users] Policy with multiple ACL calls

[Andrey K]

Hello, Amos,

Thanks for the clarification! I get it now.

Kind regards,
    Ankor

чт, 26 мар. 2026 г. в 00:20, Amos Jeffries <squid3 at treenet.co.nz>:

> On 26/03/2026 02:29, Andrey K wrote:
> >
> > Hello, Amos,
> >
> > Thank you so much for such a detailed answer.
> >
> >  > >  > >  http_access allow is_bank user1 all
> >  > >  > >
> >  > >  > >  ssl_bump splice    is_bank user1 all
> >  > >
> >  > > I thought that re-authentication only occurs during a deny action
> > within
> >  > > http_access directives when the final ACL is authentication-based.
> If
> >  > > so, the "all ACL" hack should only be applied to those specific
> rules,
> >  > > correct?
> >  >
> >  > The authentication is still re-checked by Squid on every ACL test.
> >  > There are a login cache, and helper result cache preventing the client
> >  > agent and user being bothered by this frequent re-test.
> >  >
> >  > However, if either of those cached entries expire, then the auth
> system
> >  > gets involved again immediately regardless of previous check results.
> >
> > I am sorry, but I still don’t quite understand why we should use "all-
> > hack" at the end of "http_access allow auth-acl" rules.
>
> Sorry, just me being dumb and treating them like "deny" lines.
> The "all" is indeed irrelevant on "allow" lines.
>
> Cheers
> Amos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20260326/c58e4f8e/attachment-0001.htm>