RE: [squid-users] another Acl question

Yes, this is what i am exactly tring to do, but when i
block msn_acl and msn_acl2 for all and allowed the
two, it did not worked, instead it is blocked for all,
I am not sure why it is happening. In short i am
unable to allow my two subnets to brows through
webmail and deny other users for webmails and msn
sites.
--- Lucia Di Occhi <saint_lucy@hotmail.com> wrote:

> Alright, what's not working with the ACL?
>
> As you know the ACL is read TOP down and it will
> stop reading at the first
> match, so:
>
> http_access deny msn_acl !onesubent !twosubnet
> (Will block msn_acl for
> all but 2 subnets)
> http_access deny msn_acl2 !onesubnet !twosubnet
> (Will block msn_acl2 from
> all but 2 subnets)
>
> ##blocking orkut for all###
> http_access deny msn_acl3 (Will block msn_acl3 for
> ALL subnets)
> http_access deny msn_acl4 (Will block msn_acl4 for
> ALL subnets)
>
> ###Allowing rest###
> http_access allow mynet (Will allow everything else)
>
> so basically you are blocking msn_acl and msn_acl2
> for everyone but two
> subnets and you are blocking msn_acl3 and msn_acl4
> for everyone. Lastly you
> allow everything else. Is that you intended
> behaviour? What behaviour are
> you getting when you say it does not work?
>
>
>
> >From: Mohsin Khan <aaghaz00@yahoo.com>
> >To: Lucia Di Occhi <saint_lucy@hotmail.com>
> >Subject: RE: [squid-users] another Acl question
> >Date: Thu, 23 Dec 2004 06:33:50 -0800 (PST)
> >
> >i am using this statment
> >
> >http_access deny msn2 !onesubnet !twosubnet
> >
> >msn_acl is just to give an idea...its is basically
> >msn1 msn2 msn3 msn4
> >
> >--- Lucia Di Occhi <saint_lucy@hotmail.com> wrote:
> >
> > > I am nut sure how you do it. if the ACL name is
> > > 'msn1' you cannot do
> > > 'http_access deny msn_acl !onesubent !twosubnet'
> > > since msn_acl is not
> > > defined, sane is true with 'http_access deny
> > > msn_acl3' cause I do not see a
> > > msn_acl3 defined anywhere in the config file.
> > >
> > > Did you copy/paste the actual squid.conf
> section?
> > >
> > > >From: Mohsin Khan <aaghaz00@yahoo.com>
> > > >To: Lucia Di Occhi <saint_lucy@hotmail.com>
> > > >Subject: RE: [squid-users] another Acl question
> > > >Date: Thu, 23 Dec 2004 03:33:53 -0800 (PST)
> > > >
> > > >here is it,
> > > >
> > > >acl msn1 dstdomain .msn.com
> > > >acl msn1 dstdomain .hotmail.com
> > > >acl msn1 dstdomain .passport.com
> > > >acl msn1 dstdomain .yahoo.com
> > > >acl msn1 dstdomain .e-messenger.net
> > > >acl msn1 dstdomain .gmail.com
> > > >acl msn1 dstdomain gmail.google.com
> > > >acl msn1 dstdomain .msnger.com
> > > >
> > > >acl msn3 dstdomain .orkut.com
> > > >acl msn3 dstdomain .hi5.com
> > > >
> > > >acl msn2 dstdom_regex [-i] .hotmail.com
> > > >acl msn2 dstdom_regex [-i] .msn.com
> > > >acl msn2 dstdom_regex [-i] .passport.com
> > > >acl msn2 dstdom_regex [-i] .yahoo.com
> > > >acl msn2 dstdom_regex [-i] .e-messenger.net
> > > >acl msn2 dstdom_regex [-i] .gmail.com
> > > >acl msn2 dstdom_regex [-i] gmail.google.com
> > > >acl msn2 dstdom_regex [-i] .msnger.com
> > > >
> > > >acl msn4 dstdom_regex [-i] .orkut.com
> > > >acl msn4 dstdom_regex [-i] .hi5.com
> > > >
> > > >where msn=msn_acl (as per my mail)
> > > >
> > > >
> > > >--- Lucia Di Occhi <saint_lucy@hotmail.com>
> wrote:
> > > >
> > > > > can you send the full definition of each ACL
> > > such as
> > > > > msn_acl3
> > > > > msn_acl4
> > > > > It would be best to have the whole ACL
> > > subsession of
> > > > > the squid.conf for
> > > > > troubleshooting.
> > > > >
> > > > > >From: Mohsin Khan <aaghaz00@yahoo.com>
> > > > > >To: squid-users@squid-cache.org
> > > > > >Subject: [squid-users] another Acl question
> > > > > >Date: Wed, 22 Dec 2004 20:09:37 -0800 (PST)
> > > > > >
> > > > > >hi,
> > > > > >
> > > > > > i have squid Version
> > > 2.5.STABLE1
> > > > > >running on one of my red hat advnace
> server. I
> > > have
> > > > > >acls to block webmails (yahoo, hotmil etc)
> and
> > > msn,
> > > > > >and sites. Two of my subnets were allowd
> every
> > > > > thing.
> > > > > >It was working fine, but when I tried to
> block
> > > > > Orkut i
> > > > > >am facing some strange situation. I have a
> > > > > 172.16.0.0
> > > > > >with in this I have two subnets that are
> > > allowed
> > > > > every
> > > > > >thing.
> > > > > >
> > > > > > What i did is
> > > > > >
> > > > > >###Allowing webmails for these subnets###
> > > > > >http_access deny msn_acl !onesubent
> !twosubnet
> > > > > >http_access deny msn_acl2 !onesubnet
> !twosubnet
> > > > > >##blocking orkut for all###
> > > > > >http_access deny msn_acl3
> > > > > >http_access deny msn_acl4
> > > > > >###Allowing rest###
> > > > > >http_access allow mynet
> > > > > >
> > > > > >
> > > > > >
> > > > > >but these set of acls not working I know i
> am
> > > wrong
> > > > > >some where or missing some thing, but can
> any
> > > one
> > > > > let
> > > > > >me know where
> > > > > >
> > > > > >Thanks in advance for any help
> > > > > >
> > > > > >=====
> > > > > >Regards,
> > > > > >Mohsin Khan
> > > > > >CCNA ( Cisco Certified Network Associate
> 2.0 )
> > > > > >http://forum.aaghaz.net
> > > > > >
> > > > > > >>>Happy is the one who can smile<<<
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >__________________________________
> > > > > >Do you Yahoo!?
> > > > > >The all-new My Yahoo! - Get yours free!
> > > > > >http://my.yahoo.com
> > > > > >
> > > > > >
> > > > >
> > > > >
> > >
> >
>
>_________________________________________________________________
> > > > > Don’t just search. Find. Check out the new
> MSN
> > > > > Search!
> > > > >
> > >
> >
>
>http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> > > > >
> > > > >
> > > >
> > > >
> > > >=====
> > > >Regards,
> > > >Mohsin Khan
> > > >CCNA ( Cisco Certified Network Associate 2.0 )
> > > >http://forum.aaghaz.net
>
=== message truncated ===

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
http://forum.aaghaz.net

>>>Happy is the one who can smile<<<

                
__________________________________
Do you Yahoo!?
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250
Received on Thu Dec 23 2004 - 09:41:58 MST