Hi Thomas
I am not familiar too, but I write my acl-s different
I deny every trafic I don't want to have
the "http_access allow Safe_ports" ... allows everything i htink
the restrictions would I write
acl time1 time 08:00-10:00
acl time2 time 10:00-12:00
http_access deny slot1_ip !time1
http_access deny slot2_ip !time2
Alexander
--- thomas <thomas.xavier@gmail.com> wrote:
> Dear All
> Requirement has arisen to provide access to a group of machine
> categorized based on IP address.
>
> ACL created is as follows:-
>
> acl fulltime_ip 10.10.10.40-10.10.10.254
> acl slot1_ip src 10.10.10.25 10.10.10.30 10.10.10.35
> acl slot1_time time 08:00-10:00
> acl slot2_ip src 10.10.10.39 10.10.10.40 10.10.10.41
> acl slot2_time time 10:00-12:00
> acl CONNECT method CONNECT
> acl ncsa_users proxy_auth REQUIRED
>
> HTTP_ACCESS statements are as follows:-
>
> http_access allow localhost
> http_access allow ncsa_users
> http_access allow slot1_ip slot1_time
> http_access allow slot2_ip slot2_time
> http_access allow fulltime_ip
> http_access allow Safe_ports
> http_reply_access allow all
> icp_access allow all
> miss_access allow all
> http_access allow SSL_ports
> http_access deny all
>
> Q1= With above ACL and http_access, machines are not getting denied
> though they are supposed to be denied apart from their specified time
> slot.
>
> Q2= Is the http_access sequence OK? If not what should be?
>
> Q3= Please suggest better way of doing the same?
>
> Q4= Similar to http_access sequence, should I have to take care of acl
> statement sequence too?
>
> TIA
>
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
Received on Tue Feb 08 2005 - 11:20:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST