You probably need an `http_access allow <yournet_acl>` to be inserted
after all your http_access denys. My setup works like this:
acl manager proto cache_object
acl purge method purge
acl localhost src 127.0.0.1/255.255.255.255
acl admin src 199.179.no.peeking/255.255.255.255
acl wt src 199.179.0.0/255.255.0.0
acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access deny purge !admin
http_access allow wt
icp_access allow wt
This let me purge objects using a little web script I wrote (forms are
easier for me to use to purge objects when I'm at client locations than
the command line is) that runs on an administrative machine.
-Bill
On Tue, 3 Feb 1998, Toens Bueker wrote:
> Hi *,
>
> I got a problem with the purge method. I want to purge
> objects from an accelerator.
>
> I have
>
> acl PURGE method PURGE
> and
> http_access deny PURGE !localhost !accelerator !mynet
>
> I can access the cache-manager from 'mynet', but every
> request to PURGE says 'TCP_DENIED'.
>
> Do I have to 'enable something' in the source?
> Is it security-relevant to enable PURGE?
>
> Thx.
>
> By
> Töns
> --
> _o)
> /\\ pgp fingerprint: 9B AC A5 CB C8 CC FC DC 25 B5 26 9A 5D 28 C0 3D
> _\_V
>
Received on Wed Feb 04 1998 - 15:18:23 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:47 MST