Re: how to combine this specific acl ?

From: Jonathan Larmour <jlarmour@dont-contact.us>
Date: Fri, 15 Jan 1999 10:26:44 +0000

Richard van Drimmelen wrote:
> Duane Wessels wrote:
> > Richard van Drimmelen writes:
> >
> > >In our institute I see that one specific PC in a student room is used a
> > >lot for browsing 'nudies'. I'd like to restrict this browsing by
> > >combining three acl's, based on:
> > >
> > > - the IP address/subnetmask of the PC
> > > - the various sites visited,
> > > - browsing time (disallowed between MON-FRI 09:00-17:00)
> > >
> > >What I've tried:
> > >
> > > acl STUDENT_PC src x.x.x.x/255.255.255.255
> > > acl DIRTY_LITTLE_BASTARD dstdom_regex site1 site2 site3 site4
> > > acl COME_BACK_LATER MTWHF 09:00-17:00
> > >
> > > http_access allow STUDENT_PC
> > > http_access deny DIRTY_LITTLE_BASTARD
> > > http_access deny COME_BACK_LATER
> >
> >
> > Try putting them on the same line:
> >
> > http_access deny STUDENT_PC DIRTY_LITTLE_BASTARD COME_BACK_LATER
>
> The first "http_access deny STUDENT_PC" is matched -> PC is completely
> banned from browsing ALL the time ?????

No. Putting multiple things on the same http_access line means it will use
"AND" logic. i.e. if the STUDENT_PC acl is matched _and_ the
DIRTY_LITTLE_BASTARD acl is matched _and_ the COME_BACK_LATER acl is
matched, then deny. Processing continues afterwards as usual if any of those
acl's are not matched.

Jifl

-- 
Cygnus Solutions, 35 Cambridge Place, Cambridge, UK.  Tel: +44 (1223) 728762
"Women marry hoping their husbands will change, men||Home e-mail: jifl @ 
marry hoping their wives never do. Both are rare." ||     jifvik.demon.co.uk
Help fight spam! http://spam.abuse.net/  These opinions are all my own fault
Received on Fri Jan 15 1999 - 03:38:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:03 MST