At 9:44 am +0000 18/7/96, you wrote:
>4At 11:28 18.07.96 +0200, you wrote:
>>According to Alexander Rainchik:
>>
>>> Is it possible to restric access to my proxy server on
>>> domain-based acl? I mean only users from .my.domain.com are
>>> allowed to use cache. I can't use FQDN in 'acl src' and
>>> 'acl domain' is just noi I'm expected :(
>>
>>How about this?
>>
>> acl localnet src 123.45.67.0/255.255.255.0
>> acl all src 0.0.0.0/0.0.0.0
>> http_access allow localnet
>> http_access deny all
>>
>
>Nice, but I prefer this way:
>
>acl localnet .my.domain.com
>http_acces allow localnet
>
>so sorry it's not supported :(
I think I agree with Alexander about this one, we (as a University) have
approx. 25 class 'C' nets, so I would have to list a lot of nets, whilst a
single 'acl domain' could cover all eventualities, even sub-domains.
I've fallen on a combination of both, a fully defined list of 'acl src'
entries for our nets and then a set of global 'acl domain' entries for
disabling whole sets of domains.
--
Craig
,,, Wot, NO mountains!
======================oOO=(o o)=OOo===================================
Craig Morgan (_) Senior Lecturer, CS Group
School of Computing Email: C.Morgan@soc.staffs.ac.uk
Staffordshire University Phone: +44 (0)1785 353466
Beaconside Fax: +44 (0)1785 353497
Stafford, UK ST18 0DG Pager: +44 (0)839 453754
"It's the downhill thrills, that make the uphill slog worthwhile..."
======================================================================
Received on Thu Jul 18 1996 - 03:20:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:36 MST