Hi,
On Wed, 1 Aug 2001, Marc Petersen wrote:
> acl macs arp src "/opt/squid/etc/macs"
> http_access deny macs all
>
> But that won't work. I have tried it with some options but i always get an
> error if i want to start squid. I HAVE arp acl support compiled in btw :-)
Methinks you really want:
acl macs arp "/opt/squid/etc/macs"
The "src" is used to define an acl based on the source IP address of the
browser.
Furthermore why the "all" on the end? I am not sure you really understand
the interaction between acls and http_access lines.
The acls define list that specify some condition to be matched in a
connection. The http_access lines then use one or more acls AND-ed
together to permit or dny access. Thus when you say:
http_access deny macs all
You are really saying:
If the MAC address is in the macs acl AND the IP address is in all, deny
access. In this case the "all" is really redundant, ie
http_access deny macs
would be sufficient.
Be aware too that MAC addresses are only useful on the local lan segment.
Any packet passing through a router to get to the squid server will have
the MAC address of the router it came through to get to the lan segment.
> The thing why i want to do that in this way is i have an HTML based
> Admin-Toolkit for Squid, selfwritten, and it's more easier for me to change a
> different file and not the squid.conf.
Have you looked at webmin?
Colin
-- Colin Campbell Unix Support/Postmaster/Hostmaster CITEC +61 7 3006 4710Received on Wed Aug 01 2001 - 16:12:52 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:26 MST