On Mon, 15 Mar 2004 fefi@ig.com.br wrote:
> Hello Christoph,
>
> Thanks for your reply.
>
> However, it still doesn't work.....
>
> I tried to add the subnet mask by the end of the acl line as below, but then
> access is given to all IPs in the network:
>
> acl subgroup src 120.202.200.20/255.255.255.0
There should be NO netmask when specifying individual IP addresses. Only
when specifying whole networks should a netmask be used.
120.202.200.20/255.255.255.0 == 120.202.200.0/255.255.255.0 ==
120.202.200.0/24
(except that Squid will warn you about the first probably not being what
you intended...)
> >> http_access allow rionet allowed_ext
> >> http_access deny rionet denied_ext morning
> >> http_access deny rionet denied_ext afternoon
> >> http_access allow rionet
> >> http_access allow localhost
> >> http_access deny all
The key is the order of your http_access rules.
The above says
1. rionet is allowed to access allowed_ext
2. else denied if it is morning or afternoon and request matches denied_ext
3. else allowed
If you want other rules of another subgroup of "rionet" you need to have
these http_access rules before this.
Regards
Henrik
Received on Mon Mar 15 2004 - 16:06:43 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST