On 26/04/11 23:37, Edmonds Namasenda wrote:
> Hello there.
> Is there a possibility in Squid 3.0 on openSuSe to explicitly allow or
> deny ACLs?
>
> ### Example
> acl admins src 10.0.0.245-10.0.0.255
> acl updates dstdomain -i /path/to_file_with/updates_domain/urls
> http_access allow admins
> http_access allow updates
> reply_body_max_size 10 MB !admins
> reply_body_max_size 10 MB !updates
You have set two *different* limits of 10MB.
"admin" can be caught by the second one unless they are requesting
"updates" sites.
>
> With the above set-up example, the reply_body_max_size still affects
> the admins group. Systems with I.P Addresses in the admin range fail
> to download files bigger than 10MBs.
> How can I explicitly allow them? As well if I want to explicitly deny,
> what can I use?
With "!" exactly as you have above.
But remember the rules for constructing access controls still apply
here. Top-down, left-to-right, first line to fully match wins.
Limit to 10MB. Excluding updates AND excluding admin:
reply_body_max_size 10 MB !admins !updates
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.7 and 3.1.12.1Received on Tue Apr 26 2011 - 11:54:43 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 26 2011 - 12:00:03 MDT