Re: ACL's and specifying them

From: Andrew Kemp <>
Date: Thu, 19 Sep 1996 15:19:18 +1000 (GMT+1000)


> It doesn't work because the http_access acl's are ANDed together, ie: it will
> only deny if the source address is in ALL of pc1, pc2, pc3, pc4 and pc5 (which
> is not possible!) You'd be better off creating one src acl line with all the
> pc source addresses in it, and denying that (src acl's are ORed), ie:

Thank you very much for your clear explanation. I assume that the same happens
for domain/port/proto/method etc acls ?

> acl pcs src x.x.2.166 x.x.2.167 x.x.2.168 x.x.2.180 x.x.2.181
> http_access deny pcs

I have used this suggestion to setup the series of acls that I had previously
set up as individuals acls (approx 50) and it works correctly. Also, it make
the squid.conf easier to read and smaller.



Andrew Kemp

Unix Systems Administrator Phone : 61 +3 9214-8252
Computer Services and Information Techology Fax : 61 +3 9214-8944
Swinburne University of Technology E-Mail: andrew@swin.EDU.AU
Hawthorn, Victoria, Australia 3122 URL:
Received on Wed Sep 18 1996 - 22:19:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:02 MST