Bobby wrote:
> On Monday 11 June 2007 18:23:58 Henrik Nordstrom wrote:
>> mån 2007-06-11 klockan 17:12 -0400 skrev Bobby:
>>> Hi,
>>>
>>> This is not resolving. Rather than debugging my setup please tell me how
>>> you would configure it.
>>>
>>> What I'm looking at is how do I specify different machines to be able to
>>> access only certain websites?
>>>
>>> Let's say,
>>> 172.16.10.16-31 are managers who can go anywhere and
>>> 172.16.10.96-254 are operators with limited access like only to
>>> .google.com and .paypal.com.
>> # Allow managers unrestricted access
>> acl managers src ...
>> http_access allow managers
>>
>> # Allow operators access to a restricted set of sites
>> acl operators src ...
>> acl operator_sites dstdomain .google.com .paypal.com
>> http_access allow operators operator_sites
>>
>> # And deny all other access
>> http_access deny all
>
> Those three dots should mean the IP's, right?
> Then not having anything after allow managers means "all"?
>
um, um, no,no,....
.... I think I finally see whats in your head.
You are thinking there are implicit defaults involved in each rule right?
Lets see if this makes things any clearer for you:
http_access allow a
=> IF a is true -> allow
http_access allow b c
=> IF b is true AND c is true -> allow
http_access deny d e
=> IF d is true -> deny
Each acl are done is very similar way to see 'if its true'
acl src b
=> IS message is comming from IP b ? true/false
acl dst c
=> IS message is going to IP c ? true/false
etc. etc.
Amos
Received on Thu Jun 14 2007 - 06:59:01 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT