Re: ACL's and specifying them

From: Robert Davy <>
Date: Thu, 19 Sep 1996 13:50:02 +1000 (EST)


It doesn't work because the http_access acl's are ANDed together, ie: it will
only deny if the source address is in ALL of pc1, pc2, pc3, pc4 and pc5 (which
is not possible!) You'd be better off creating one src acl line with all the
pc source addresses in it, and denying that (src acl's are ORed), ie:

acl pcs src x.x.2.166 x.x.2.167 x.x.2.168 x.x.2.180 x.x.2.181
http_access deny pcs


>Greetings Squiders,
>I have just come across an interesting problem with regards to ACL's
>and after discussing it with my 'neighbors' we have agreed it is a problem
>which should be posted to squid-users.
>I have specified a set of acl's as per :
>acl pc1 src x.x.2.166
>acl pc2 src x.x.2.167
>acl pc3 src x.x.2.168
>acl pc4 src x.x.2.180
>acl pc5 src x.x.2.181
>Then when I try to deny acess with :
>http_access deny pc1 pc2 pc3 pc4 pc5
>this doesn't work, but this does :
>http_access deny pc1
>http_access deny pc2
>http_access deny pc3
>http_access deny pc4
>http_access deny pc5
>Now, according to the comment in squid.conf
># Allowing or Denying access based on defined access lists
># Access to the HTTP port:
># http_access allow|deny [!]aclname ...
>one would assume that the line 'http_access deny pc1 pc2 pc3 pc4 pc5' is
>valid and should work.
>Is this the case ?
>Andrew Kemp
>Unix Systems Administrator Phone : 61 +3 9214-8252
>Computer Services and Information Techology Fax : 61 +3 9214-8944
>Swinburne University of Technology E-Mail: andrew@swin.EDU.AU
>Hawthorn, Victoria, Australia 3122 URL:

Robert Davy                         *  .*    
Network Services                                ph:06 2492978  fax:06 2798199
Australian National University        *         Canberra, ACT 0200, Australia
Received on Wed Sep 18 1996 - 20:51:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:02 MST