A.R. Cache Op wrote:
> http_access allow arlocal
> http_access deny !arlocal kozak
>
> miss_access allow arlocal
> miss_access deny !arlocal kozak
>
> In theory that should block this person out ?
The ACL lists is searched in the order specified, and the search
terminates as soon as there is a match. The correct list is
# Deny kozak access to the cache
http_access deny kozak
# Allow arlocal to use the cache
http_access allow arlocal
# Deny all else
http_access deny all
# Allow everyone with access to the cache to fetch new objects
miss_access allow all
You don't need to specify miss_access. A person does not have
miss_access unless he has http_access as well. miss_access is used to
further limit the rights when you have sibling caches that should only
be allowed to fetch previously cached objects from you.
miss_access does not work well in 1.1.X or 1.2beta releases up to 22
(the next beta release should have this fixed if I am not misinformed,
1.2 sure will). Only use it if a sibling misbehaves or the sibling won't
be your sibling for long.
--- Henrik Nordström Sparetime Squid HackerReceived on Tue Jul 07 1998 - 14:12:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:04 MST