I guess I still don't get how to use acl's

From: Kip DeGraaf <[email protected]>
Date: Wed, 09 Jul 1997 08:11:22 -0400

Suppose I have a host who is using ICP access to me that I don't want. At
the moment I don't want to go into a deny all mode because we are slowly
building a little hierarchy and I don't want to have to change the acl's
every time someone wants to test things out, but I do want to restrict this
one host from accessing us. Below you will find our acl definitions.
However the host still can do ICP. What did I do wrong?

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl impolite src aaa.bbb.ccc.ddd/255.255.255.255 (ip hidden to protect the
guilty)
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all
icp_access deny impolite
miss_access allow all
Received on Wed Jul 09 1997 - 05:12:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:42 MST