On Thu, 19 Aug 2004, Merton Campbell Crockett wrote:
> Perhaps it would be clearer and simpler to write this as two access rules.
>
> http_access deny !KIOSK.dstdomain
> http_access allow KIOSK
No, this won't work either as this restricts all users to the
KIOSK.dstdomain destinations, not only the KIOSK users.
> At the end of each rule set there is an implicit deny all. This may not
> be entirely accurate. I recall Duane Wessels mentioning somewhere that
> the implied last rule is the inverse of the last explicit rule. Based on
> the above example, the implicit rule would be the following.
>
> http_access deny !KIOSK
It is strongly recommended to always have an explicit "http_access deny
all" at the end.
Relying on the implicit inverse rule when there is no matching rule can be
confusing.
Regards
Henrik
Received on Fri Aug 20 2004 - 01:18:54 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT