Re: domain-based restrictions

From: Craig Morgan <C.Morgan@dont-contact.us>
Date: Thu, 18 Jul 1996 11:21:08 +0000

At 9:44 am +0000 18/7/96, you wrote:

>4At 11:28 18.07.96 +0200, you wrote:
>>According to Alexander Rainchik:
>>
>>> Is it possible to restric access to my proxy server on
>>> domain-based acl? I mean only users from .my.domain.com are
>>> allowed to use cache. I can't use FQDN in 'acl src' and
>>> 'acl domain' is just noi I'm expected :(
>>
>>How about this?
>>
>> acl localnet src 123.45.67.0/255.255.255.0
>> acl all src 0.0.0.0/0.0.0.0
>> http_access allow localnet
>> http_access deny all
>>
>
>Nice, but I prefer this way:
>
>acl localnet .my.domain.com
>http_acces allow localnet
>
>so sorry it's not supported :(

I think I agree with Alexander about this one, we (as a University) have
approx. 25 class 'C' nets, so I would have to list a lot of nets, whilst a
single 'acl domain' could cover all eventualities, even sub-domains.

I've fallen on a combination of both, a fully defined list of 'acl src'
entries for our nets and then a set of global 'acl domain' entries for
disabling whole sets of domains.

--
Craig
                            ,,,   Wot, NO mountains!
 ======================oOO=(o o)=OOo===================================
  Craig Morgan              (_)      Senior Lecturer, CS Group
  School of Computing                Email: C.Morgan@soc.staffs.ac.uk
  Staffordshire University           Phone: +44 (0)1785 353466
  Beaconside                         Fax:   +44 (0)1785 353497
  Stafford, UK  ST18 0DG             Pager: +44 (0)839 453754
  "It's the downhill thrills, that make the uphill slog worthwhile..."
 ======================================================================
Received on Thu Jul 18 1996 - 03:20:34 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:36 MST