Re: ACL question.

From: Marc Delisle <DelislMa@dont-contact.us>
Date: Wed, 21 May 1997 11:17:24 -0400

Richard Pruss wrote:
>
> Hi,
>
> We would like to allow cache access to port 80 but not port 90 on
> a group of machines.
>
> I tried:
> acl admin src 196.25.1.0/24
> acl denyadmin dst 196.25.1.0/24
> acl denyadmin port 93
>
> http_access deny denyadmin !admin
>
> But the second line in the denyadmin acl is rejected and users are
> locked out of the main pages.
>
> May 20 15:53:55 sabela squid[12862]: aclParseAclLine: ACL 'denyadmin'
> already exists with different type, skipping.
>
> So, question: What is the best way of doing this?
>
> Cheers,
> Ric

Hmmm, are you talking about source (src) machines or destination (dst)
machines?
And you are talking about port 90 or 93? And what is on your port 80?
Squid or a web server?

Anyway, I suggest (someone correct me on this):

acl thegroup src 196.25.1.0/24
acl badport port 90
acl goodport port 80
http_access deny thegroup badport
http_access allow thegroup goodport
(here, other "http_access allow ..." depending on your situation)

http_access deny all

-- 
Marc Delisle                              
Service Informatique                              
Collège de Sherbrooke      
Québec.  819/564-6223
Received on Wed May 21 1997 - 08:17:47 MDT
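
Added example, not part of the original messages and not Squid code: a small Python model of how the two configurations in this thread evaluate, assuming http_access lines are checked in order, the ACLs on one line are ANDed, and the first matching line wins. The helper names (`parse`, `acl_matches`, `decide`), the `acl all` line and the sample requests are constructed for illustration.

```python
import ipaddress

def parse(conf):
    """Return (acls, rules, warnings) from squid.conf-style lines."""
    acls, rules, warnings = {}, [], []
    for tok in map(str.split, conf.strip().splitlines()):
        if tok[:1] == ["acl"]:
            name, kind, values = tok[1], tok[2], tok[3:]
            if name in acls and acls[name][0] != kind:
                # The case logged in the thread: the whole line is skipped.
                warnings.append(f"ACL '{name}' already exists with different type, skipping.")
                continue
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules, warnings

def acl_matches(acl, req):
    kind, values = acl
    if kind == "port":
        return str(req["port"]) in values
    addr = ipaddress.ip_address(req[kind])  # kind is "src" or "dst"
    return any(addr in ipaddress.ip_network(v) for v in values)

def decide(conf, req):
    """Action of the first http_access line whose ACLs all match, else None."""
    acls, rules, _ = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return None

# Configuration from the question, as posted.
ORIGINAL = """
acl admin src 196.25.1.0/24
acl denyadmin dst 196.25.1.0/24
acl denyadmin port 93
http_access deny denyadmin !admin
"""
# Configuration from the reply; "acl all" is assumed to come from the stock config.
SUGGESTED = """
acl all src 0.0.0.0/0
acl thegroup src 196.25.1.0/24
acl badport port 90
acl goodport port 80
http_access deny thegroup badport
http_access allow thegroup goodport
http_access deny all
"""
```

In the original configuration the `port 93` line is dropped, so `denyadmin` holds only the destination network and a non-admin client is denied on port 80 as well, which matches the lockout described in the question.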
