zha guiting wrote:
> http_access allow dstf1
> http_access deny dstip
> http_access allow our net
> http_access deny all
> ..
>
> but the access list seems not worked correctly becaue all src host can use this proxy (for example the 202.195.245.12 can access squid) I tried many times but failed. I can not know how to solve it. Would you help me check our errors? thank you!
http_access is read top-down, stopping on the first that fully matches.
The effec is that http_access allow sdtf1 allows anyone to use your
cache for cn and edu domains.
I think you want
http_access allow dstf1 our net
http_access deny all
The above gives only "our" and "net" access to dstf1 domains (cn edu).
I am not sure what you are trying do acheive with the dstip ACL.
-- Henrik Nordstrom Squid hackerReceived on Thu Nov 25 1999 - 16:50:55 MST
This archive was generated by hypermail pre-2.1.9 : Wed Apr 09 2008 - 11:57:32 MDT