Re: domain-based restrictions

From: Jean-Francois Micouleau <[email protected]>
Date: Fri, 19 Jul 1996 16:56:40 +0200 (MET DST)

On Fri, 19 Jul 1996, Alexander Rainchik wrote:

> acl myhost1 src 123.456.789.123
> .... lot's of strings (>150)
> alc myhost159 src 234.567.890.123
> http_access allow myhost1 ... myhost159

  You can simplify the job by doing:

  acl mynet1 src 123.456.789.000/255.255.255.000
  ...
  ...
  acl mydenyhost src 123.456.789.XXX
  http_access deny mydenyhost
  http_access allow mynet

That's much simpler and that's working, I know a big french worldwide
company using acl this way.
It's also faster to use IP address because all the client returns their IP
adress, and if you use your network name you need to do a dns lookup.

Something better than hacking squid for ACL would be a new tag in
squid.conf: "Allow client only from local domain: yes/no"

And it would be check against the local_domain value of squid.conf

>
> Looks interesting...
>
> Or I can have subdomains
> allowed.to.use.cache.my.domain.com
> and
> not-allowed.to.use.cache.my.domain.com
>
> I think it's easy to group them by names, not by addresses.
> So it's really time for me to hack squid code and add
> "ACL mydomain MYDOMAIN .my.domain.com" rule :)
>
>
>
> --
> Alexander Rainchik
>
>

-----------------------------------------------------------
: Jean Francois Micouleau : Email: Micouleau@utc.fr :
: Universite de : Tel : 44 23 52 15 :
: Technologie de : Service Informatique :
: Compiegne : :
-----------------------------------------------------------
Received on Fri Jul 19 1996 - 07:58:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:41 MST