David J N Begley writes:
> On Wed, 7 May 1997, Michael Fuhr wrote:
>
> > > acl localhost src 127.0.0.1/255.255.255.255
> > > http_access deny manager !localhost
> >
> > You've told Squid to *deny* anything that's not localhost, but have
> > you told it to *accept* localhost? Make sure you have another rule
> > somewhere that will allow the connection.
>
> Remember that this isn't strictly necessary depending on the other
> "http_access" lines in use - the default is the opposite of the last line
> (so if the last line is allow, the default is deny and vice versa).
Right - apparently the original poster has a default deny. For Squid
or anything else using ACLs, I prefer to use a default deny stance[1],
with the exceptions being listed as "allow" lines. "That which is not
expressly allowed is forbidden."
[1] I use "http_access deny all" at the end to make my intentions explicit.
-- Michael Fuhr http://www.dimensional.com/~mfuhr/Received on Thu May 08 1997 - 07:31:25 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:08 MST