Dear All
Requirement has arisen to provide access to a group of machine
categorized based on IP address.
ACL created is as follows:-
acl fulltime_ip 10.10.10.40-10.10.10.254
acl slot1_ip src 10.10.10.25 10.10.10.30 10.10.10.35
acl slot1_time time 08:00-10:00
acl slot2_ip src 10.10.10.39 10.10.10.40 10.10.10.41
acl slot2_time time 10:00-12:00
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
HTTP_ACCESS statements are as follows:-
http_access allow localhost
http_access allow ncsa_users
http_access allow slot1_ip slot1_time
http_access allow slot2_ip slot2_time
http_access allow fulltime_ip
http_access allow Safe_ports
http_reply_access allow all
icp_access allow all
miss_access allow all
http_access allow SSL_ports
http_access deny all
Q1= With above ACL and http_access, machines are not getting denied
though they are supposed to be denied apart from their specified time
slot.
Q2= Is the http_access sequence OK? If not what should be?
Q3= Please suggest better way of doing the same?
Q4= Similar to http_access sequence, should I have to take care of acl
statement sequence too?
TIA
Received on Tue Feb 08 2005 - 10:16:17 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:01 MST