Re: http_access deny manager !localhost

From: Michael Fuhr <[email protected]>
Date: Thu, 8 May 1997 08:28:09 -0600

David J N Begley writes:

> On Wed, 7 May 1997, Michael Fuhr wrote:
>
> > > acl localhost src 127.0.0.1/255.255.255.255
> > > http_access deny manager !localhost
> >
> > You've told Squid to *deny* anything that's not localhost, but have
> > you told it to *accept* localhost? Make sure you have another rule
> > somewhere that will allow the connection.
>
> Remember that this isn't strictly necessary depending on the other
> "http_access" lines in use - the default is the opposite of the last line
> (so if the last line is allow, the default is deny and vice versa).

Right - apparently the original poster has a default deny. For Squid
or anything else using ACLs, I prefer to use a default deny stance[1],
with the exceptions being listed as "allow" lines. "That which is not
expressly allowed is forbidden."

[1] I use "http_access deny all" at the end to make my intentions explicit.

-- 
Michael Fuhr
http://www.dimensional.com/~mfuhr/
Received on Thu May 08 1997 - 07:31:25 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:08 MST