On Saturday 22 June 2002 20.06, Rick Coloccia wrote:
> I'd like to say something like:
>
> only addresses from lan x.y.0.0/255.255.0.0 and
> x.y.z.0/255.255.248.0 will be serviced by squid.
>
> so I did this:
> acl all 0.0.0.0/0.0.0.0
> acl net1 x.y.0.0/255.255.0.0
> acl net2 x.y.z.0/255.255.248.0
>
> and then I did
>
> httpd_access allow net1
> httpd_access allow net2
> httpd_access deny all
Looks correct to me.
> This doesn't seem to work, though, and I can't hit the proxy from
> net2...
Odd. Investigate your definition of "acl net2", and verify your
squid.conf syntax by runnign "squid -k parse".
> Should it be:
>
> httpd_access allow net1 net2
> httpd_access deny !net1 !net2
Nope. Those have different meanings.
The first can most likely never be true, unless net2 is a subnet of
net1. For the first line to match, the user must match both "net1"
and "net2" at the same time.
The second line is OK, and is what you use if you want to start your
ruleset by denying everyone except for your networks access, and then
refine the access levels within your network. But I usually use a
single acl for this purpose "local_networks", listing all the
networks.
Regards
Henrik
Received on Sun Jun 23 2002 - 11:49:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:46 MST