Re: ACL's and specifying them

From: Andrew Kemp <[email protected]>
Date: Thu, 19 Sep 1996 15:19:18 +1000 (GMT+1000)

Rob,

> It doesn't work because the http_access acl's are ANDed together, ie: it will
> only deny if the source address is in ALL of pc1, pc2, pc3, pc4 and pc5 (which
> is not possible!) You'd be better off creating one src acl line with all the
> pc source addresses in it, and denying that (src acl's are ORed), ie:

Thank you very much for your clear explanation. I assume that the same happens
for domain/port/proto/method etc acls ?

> acl pcs src x.x.2.166 x.x.2.167 x.x.2.168 x.x.2.180 x.x.2.181
> http_access deny pcs

I have used this suggestion to setup the series of acls that I had previously
set up as individuals acls (approx 50) and it works correctly. Also, it make
the squid.conf easier to read and smaller.

Thanks.

Regards,

Andrew Kemp

Unix Systems Administrator Phone : 61 +3 9214-8252
Computer Services and Information Techology Fax : 61 +3 9214-8944
Swinburne University of Technology E-Mail: andrew@swin.EDU.AU
Hawthorn, Victoria, Australia 3122 URL: http://opax.swin.edu.au/andrew
Received on Wed Sep 18 1996 - 22:19:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:02 MST