hall@charon.ns.utk.edu writes:
>I'm having trouble understanding the format of acl commands. The default
>configuration file, with "http_access deny manager !localhost" made the
>manager inaccessible from anywhere, so I defined a new aclname thus:
>
>acl ns srcdomain .ns.utk.edu .cs.utk.edu
>http_access deny manager !ns
>
>I thought that this would make the manager accessible to clients from the
>two domains specified, but it actually made it accessible from every
>domain I have been able to test. I also tried
>
>acl ns srcdomain ns.utk.edu cs.utk.edu (no leading dots)
>
>but I can still access the manager functions from outside these domains.
>I don't understand the format of the http_access statement, as "manager"
>seems to take the role of an object, while "!ns" takes the role of a
>specifier. No such roles are given in the format description.
>
>I have enabled fqdn_log as per the Release Notes.
>
>So how should I accomplish what I am trying to do? Thanks.
Turn on debugging for the ACL functions
debug_options 28,9
Then access the cachemgr from where you expect it to fail. Then look
at the cache.log output and try to decide if its a configuration error
or a bug. If you think its a bug, send me the output.
Duane W.
Received on Wed Aug 14 1996 - 16:03:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:48 MST