Re: problem: acl based on srcIP dstIP

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 26 Mar 2000 10:42:55 +0200

Csaba Koller wrote:

> DW> http_access allow theone
> DW> http_access deny !thesubnet
> DW> http_access allow mostuser
> DW> http_access deny all
>
> The order is the key?

Yes.

I would probably use

http_access allow mostuser thesubnet
http_access allow theone

That way you can easily add other user classes without having to bother
with the ordering. Ordering is only important if you mix deny and allow
directives.

--
Henrik Nordstrom
Squid hacker
Received on Sun Mar 26 2000 - 02:44:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:24 MST