> ok here I go again. I have this:
>
> acl discflo src 192.168.0.0/255.255.255.0
> acl denied src 192.168.0.55/255.255.255.0
> acl all src 0.0.0.0/0.0.0.0
>
> http_access allow discflo
> http_access deny denied
> http_access deny all
>
> no one gets denied, the one I want to deny is 192.168.0.55, as you can
> se in the ACL.
Okay, no one gets denied here because everything in the 192.168.0.x subnet
matches the acl discflo. None of the sources, included 192.168.0.55 makes
it to the http_access deny line.
Try reversing it... like this:
http_access deny denied
http_access allow discflo
http_access deny all
> conversely I have tried this too:
> with the same ACL's from above I tried:
>
> http_acces deny discflo
> http_access allow denied
> http_access deny all
>
> and noone gets access....I thought that the rules matched, it looks like
> they do but I guess not. once again I am confused, thanks
no one gets access because EVERYTHING in 192.168.0.x matches the first
http_access line. Therefore, everyone on this subnet gets denied.
Hope I've helped!
Craig
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Mon Dec 18 2000 - 17:17:14 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:01 MST