Re: Access denied (RH 6.1 + 2.2 STABLE4)

From: Henrik Nordstrom <[email protected]>
Date: Sat, 08 Jan 2000 01:32:25 +0100

Lars Holmstrvm wrote:
 
> I have also searched the monthly posting of squid-users mail. In a mail
> from 6-sep Henrik Nordstrom wrote "By security reasons the default
> RedHat squid.conf only allows localhost access to Squid. " so I added an
> acl "acl flynet src 172.24.0.0/255.255.0.0" and "http_access deny
> !flynet"

Your configuration reads

http_access deny !flynet
http_access allow localhost

Squid also insert a implicit final catch-all rule which is the inverse
of the last defined rule:

http_access deny all

Since there is no rule that matches flynet (only !flynet) the flynet
users will go all thru the access list and then be denied by the final
implicit deny rule.

If you change the flynet rule to read

http_access allow flynet

then thinks should look a lot better.

--
Henrik Nordstrom
Squid hacker
Received on Fri Jan 07 2000 - 17:51:09 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:17 MST