Chapter 4: Property Reference
161
url.domain = !corporate.com authenticate(OurRealm, “log in for internet access”)
The next example illustrates the relation between authentication and denial. All users outside an
allowed subnet are denied before authentication. They are not allowed to submit credentials to the
authentication server. Users within the allowed subnet are authenticated regardless of whether they
will eventually be allowed or denied, so their user names are available for the access log.
define allowed_source_ip
10.1.2.0/24 ; my subnet(s)
;...
end
<proxy>
authenticate( myrealm )
<proxy>
deny client.address=!allowed_source_ip ; denied before authentication
authenticate.force(yes) ; all others denied after
<proxy>
deny category=(Sports, Gambling) ; would deny before auth except for force.
See Also
• Conditions: authenticated=, exception.id=, group=, has_attribute.name=,
http.transparent_authentication=, realm=, user=, user_domain=
•Properties: authenticate.force( ), authenticate.mode( ),
authenticate.use_url_cookie( ), check_authorization( ), socks.authenticate( ),
socks.authenticate.force( )