Re: FW: [squid-users] Access Lists from Peter Smith on 2001-12-06 (squid-users)

From: Peter Smith <peter.smith@dont-contact.us>
Date: Thu, 06 Dec 2001 11:08:22 -0600

Oops, sorry I never saw this. Yes, each 'acl <name>' entry has to have
a unique name. In your case you'd have to create an 'acl' for the
source address and an 'acl' for the destination domain. Then, you'd
make an 'http_access' entry that basically included both of these
'acl's. Hope that helps--I imagine you've already discovered this.
Sorry for the lateness!

Peter Smith

Paul Harlow wrote:

> Let's just say that in this case 'trial and error' is getting REAL OLD...
>
>
>
> What does this line that you have in this email mean? That it's
> reading the second line and saying that "jkane" already exists?
>
> -----Original Message-----
> *From:* Peter Smith [mailto:peter.smith@UTSouthwestern.edu]
> *Sent:* Wednesday, October 31, 2001 1:59 PM
> *To:* Paul Harlow
> *Cc:* Squid Users (E-mail)
> *Subject:* Re: FW: [squid-users] Access Lists
>
> 2001/10/31 14:57:50| aclParseAclLine: ACL 'jkane' already exists
> with different type, skipping.
>
> Trial and error never hurts...
>
> Peter Smith
>
> Paul Harlow wrote:
>
>>Oops...meant to send to the list!
>>
>>-----Original Message-----
>>From: Paul Harlow
>>Sent: Wednesday, October 31, 2001 11:12 AM
>>To: 'Henrik Nordstrom'
>>Subject: RE: [squid-users] Access Lists
>>
>>
>>So with this in mind could I do the following:
>>
>>acl jkane src 10.9.1.112/255.255.255.255
>>acl jkane dstdom_regex adams
>>http_access allow jkane
>>
>>Instead? Simpler and from what you've stated, if I understand correctly,
>>this would do the same thing. Correct?
>>
>>
>>-----Original Message-----
>>From: Henrik Nordstrom [mailto:hno@squid-cache.org]
>>Sent: Wednesday, October 31, 2001 10:52 AM
>>To: Paul Harlow
>>Cc: Squid Users (E-mail)
>>Subject: Re: [squid-users] Access Lists
>>
>>
>>Paul Harlow wrote:
>>
>>>acl jkanepc src 10.9.1.112/255.255.255.255
>>>This one allows "jkanepc" with a source address of 10.9.1.112...
>>>
>>
>>Not quite. It defines the acl list "jkanepc" that can later be used to
>>allow/deny access in http_access.
>>
>>>acl jkane dstdom_regex adams
>>>I'm assuming that the access list name is "jkane" and that this will read
>>>anything with the name "adams" in the address field.
>>>
>>
>>Exacly.
>>
>>>http_access allow jkane jkanepc
>>>Finally, this ties the two together if I'm not mistaken. It ties the list
>>>"jkane" with the "jkanepc" address, correct?
>>>
>>
>>Sort of.
>>
>>To be specific it allows the request if it matches both the "jkane" and
>>"jkanepc" acl lists.
>>
>>Regards
>>Henrik Nordström
>>
>
Received on Thu Dec 06 2001 - 10:08:25 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:15 MST