Re: domain-based restrictions

At 18:05 19.07.96 -0500, you wrote:
>G'day Alexander!
>
>On Jul 19, 11:15am, Alexander Rainchik wrote:
>> Subject: Re: domain-based restrictions
>> At 20:25 18.07.96 -0500, you wrote:
>>
>> >acl localnet domain .my.domain.com
>> >http_acces allow localnet
>>
>> Does it mean that all users from my domain can access everything?
>> Or all people in the wrold can access only hosts in my domain?
>> Can anyone explain it to me?
>
>The main point I was trying to make was that you could actually specify a
>domain to put in an ACL. There seemed to be some confusion as to how to specify
>a domain by name.
>
>The above example would only allow users to request files from .my.domain.com,
>anything else would generate an access denied message; ie the things that your
>cache can access are those that match .my.domain.com
>
>MyDomain my have been a better name to give the ACL, rather than localnet.
>
>Ok, it was a bad example, what was it that you wanted to do once you had a way
>to specify a domain?
>

Ok, imagine I have a lot of hosts all from different nets and/or subnets
merged by single domain. I know I cat put all of them in

acl myhost1 src 123.456.789.123
.... lot's of strings (>150)
alc myhost159 src 234.567.890.123
http_access allow myhost1 ... myhost159

Looks interesting...

Or I can have subdomains
allowed.to.use.cache.my.domain.com
and
not-allowed.to.use.cache.my.domain.com

I think it's easy to group them by names, not by addresses.
So it's really time for me to hack squid code and add
"ACL mydomain MYDOMAIN .my.domain.com" rule :)

--
                                       Alexander Rainchik