Article delegate-en/2722 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: How force hosts to authenticate
09 Aug 2004 08:33:25 GMT "Salvatore Tarallo \(starallo\)" <prafabdyi-yavwm65yfvxr.ml@ml.delegate.org>


Yutaka,
Forgive me but I don't seem to get it:

07/08 17:05:55.96 [5244] 0+0: ext[11]
AUTHORIZER=-list{guest:guest}:http,https:!*.microsoft.com,!*.cisco.com,!
*.windowsupdate.com:*
07/08 17:05:55.96 [5244] 0+0: ext[12]
AUTHORIZER=-list{guest:guest}:http,https:!*.repubblica.it:*

I'd assume that the first line would prevent an authorization for all
cisco domain but that doesn't seem to be the case.

07/08 17:06:04.18 [2600] 1+1: REQUEST = GET
http://www.cisco.com/swa/i/logo.gif HTTP/1.1^M
07/08 17:06:04.25 [2600] 1+1/1: HCKA:[1] closed -- a:proxy
authentication required

Are you saying that the delegate doesn't stop the parsing at the first
match ? Does this also imply that any AUTHORIZER line with a
conectionmap by default to all sites for the protocols specified except
for the excluded ones ?
For example, what would be the expected behaviour of delegate with the
two AUTHORIZER parameters specified above ?

Cheers,
Sal

-----Original Message-----
From: Yutaka Sato [mailto:feedback@delegate.org] 
Sent: Saturday, August 07, 2004 2:23 AM
To: feedback@delegate.org
Cc: Salvatore Tarallo (starallo)
Subject: Re: [DeleGate-En] How force hosts to authenticate

Hi,

On 07/09/04(00:15) you "Salvatore Tarallo \(starallo\)"
<starallo@cisco..> wrote in
<_A2704@delegate-en.ML_>
 |Hi Yutaka,
 |Sorry it took so long for a reply.
 |Attached, a text file with the debug collected during the browsing of
|the same page with two different configurations, one with a single
|AUTHORIZER and the second with a second AUTHORIZER parameter. The
|configuration in the file is the one I've used. The last line is
present  |only in the second attempt.

Sorry for my so late response.

Your first config.
  AUTHORIZER=-list{guest:guest}:http,https:!*.M$,!*.cisco.com,!*.WU:*

Your second config.
  AUTHORIZER=-list{guest:guest}:http,https:!*.M$,!*.cisco.com,!*.WU:*
  AUTHORIZER=-list{guest:guest}:http,https:!*.repubblica.it:*

and you tried to access to cisco.com.  With the first configuration,
there is no AUTHORIZER to be applied to cisco.com, so no authentication
is required.   With the second configuration, the second AUTHORIZER
parameter is applied to cisco.com, then proxy authentication is
required.
It works as I intended.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V