On tor, 2007-08-30 at 06:02 -0300, Michel Santos wrote:
> There is appearently an acl bug
>
> acls do not work for peers
They do work for peers, just the same as any other http client. There is
nothing special about peers in the access controls.
> acl all src 200.152.80.0/20
Warning: Don't redefine the "all" acl unless you are very careful. It's
used in a number of defaults and meant to match "the whole world", and
results can become a bit confusing if redefined...
Instead define a "mynetwork" acl to match your clients..
> acl danger urlpath_regex -i instal\.html
> http_access deny all danger
> #
>
> so far this works for "all", I mean it blocks as wanted
>
>
> #
> acl all src 200.152.80.0/20
> acl peer src 200.152.83.40
> acl danger urlpath_regex -i instal\.html
> http_access deny all danger
> http_access deny peer danger
Nothing obviously wrong, apart from the use of the "all" acl..
> does NOT when accessing directly from a browser from 200.152.83.40
Should it? When going directly Squid is not used...
> and does NOT work when configuring localhost as proxy on 200.152.83.40
What do access.log say on both proxies?
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT