Re: ACL's and specifying them

From: Robert Davy <Robert.Davy@dont-contact.us>
Date: Thu, 19 Sep 1996 13:50:02 +1000 (EST)

Andrew,

It doesn't work because the http_access acl's are ANDed together, ie: it will
only deny if the source address is in ALL of pc1, pc2, pc3, pc4 and pc5 (which
is not possible!) You'd be better off creating one src acl line with all the
pc source addresses in it, and denying that (src acl's are ORed), ie:

acl pcs src x.x.2.166 x.x.2.167 x.x.2.168 x.x.2.180 x.x.2.181
http_access deny pcs

Rob.

>Greetings Squiders,
>
>I have just come across an interesting problem with regards to ACL's
>and after discussing it with my 'neighbors' we have agreed it is a problem
>which should be posted to squid-users.
>
>I have specified a set of acl's as per :
>
>acl pc1 src x.x.2.166
>acl pc2 src x.x.2.167
>acl pc3 src x.x.2.168
>acl pc4 src x.x.2.180
>acl pc5 src x.x.2.181
>
>Then when I try to deny access with :
>
>http_access deny pc1 pc2 pc3 pc4 pc5
>
>this doesn't work, but this does :
>
>http_access deny pc1
>http_access deny pc2
>http_access deny pc3
>http_access deny pc4
>http_access deny pc5
>
>Now, according to the comment in squid.conf
>
># Allowing or Denying access based on defined access lists
>#
># Access to the HTTP port:
># http_access allow|deny [!]aclname ...
>
>one would assume that the line 'http_access deny pc1 pc2 pc3 pc4 pc5' is
>valid and should work.
>
>Is this the case ?
>
>Regards,
>
>Andrew Kemp
>
>Unix Systems Administrator Phone : 61 +3 9214-8252
>Computer Services and Information Technology Fax : 61 +3 9214-8944
>Swinburne University of Technology E-Mail: andrew@swin.EDU.AU
>Hawthorn, Victoria, Australia 3122 URL: http://opax.swin.edu.au/andrew
>
>

-- 
                                      *
Robert Davy                         *  .*              Robert.Davy@anu.edu.au
Network Services                                ph:06 2492978  fax:06 2798199
Australian National University        *         Canberra, ACT 0200, Australia
Received on Wed Sep 18 1996 - 20:51:38 MDT
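
An added example, not part of the original messages or of Squid's own code: a small Python model of the matching rule described in the reply above, where the values inside one acl are ORed and the acl names on one http_access line are ANDed. The 192.0.2.x addresses are constructed stand-ins for the masked x.x.2.* hosts, and the function names are hypothetical.

```python
import ipaddress

def parse(conf):
    """Parse 'acl NAME src ADDR...' and 'http_access allow|deny [!]NAME...' lines."""
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            # Several values on an acl line all belong to the same acl.
            acls.setdefault(tok[1], []).extend(ipaddress.ip_network(a) for a in tok[3:])
        elif tok[0] == "http_access" and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client):
    # Values inside one acl are ORed: any listed address is a match.
    return any(client in net for net in acls[name])

def decide(conf, client_ip):
    """Return the action of the first http_access line whose acls ALL match, else None."""
    acls, rules = parse(conf)
    client = ipaddress.ip_address(client_ip)
    for action, names in rules:
        # Names on one http_access line are ANDed; a leading '!' negates a name.
        if all(acl_matches(acls, n.lstrip("!"), client) != n.startswith("!") for n in names):
            return action
    return None  # no line matched; Squid's default handling is not modelled here

# Constructed sample configs; 192.0.2.0/24 is a documentation address range.
HOSTS = ["192.0.2.166", "192.0.2.167", "192.0.2.168", "192.0.2.180", "192.0.2.181"]
ACLS = "".join(f"acl pc{i} src {ip}\n" for i, ip in enumerate(HOSTS, 1))
ANDED = ACLS + "http_access deny pc1 pc2 pc3 pc4 pc5\n"      # never matches
PER_LINE = ACLS + "".join(f"http_access deny pc{i}\n" for i in range(1, 6))
ORED = "acl pcs src " + " ".join(HOSTS) + "\nhttp_access deny pcs\n"

if __name__ == "__main__":
    for label, conf in (("ANDed line", ANDED), ("one line per pc", PER_LINE), ("single src acl", ORED)):
        print(label, [decide(conf, ip) for ip in HOSTS])
```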
