squid problem
Cameron Simpson
cs at zip.com.au
Tue Feb 13 03:11:48 UTC 2007
On 12Feb2007 16:03, yogesh at banasdairy.coop <yogesh at banasdairy.coop> wrote:
| hi i have a proxy server on squid
|
| i want to allow only bseindia.com site to my one user(only this site)
| i make acl rule as follow
|
| acl yogesh_usr proxy_auth yogesh
| acl yogesh_ip src 10.1.1.53
| acl rul_1 dstdomain .bseindia.com
| http_access allow rul_1 yogesh_usr yogesh_ip
| http_access deny !rul_1 !yogesh_usr !yogesh_ip
|
|
| but this rules will not work
| it provide access to all the web
|
| i want to allow one bseindia so how it possible
The defaulkt behaviour for a control directive like http_access, for an
acess which does NOT match ANY of the ACLs, is to use the opposite of
the last rule. Your last rule was a deny, therefore any access that do
not match any of the ACLs will be allowed.
You want a sequence like this:
http_access allow yogesh_usr yogesh_ip rul_1
http_access deny yogesh_usr
So you explicitly allow the desired access for yogesh_usr, and then
reject all other access by yogesh_usr. People who are not yogesh_usr
will match neither rule, and so be allowed.
Cheers,
--
Cameron Simpson <cs at zip.com.au> DoD#743
http://www.cskk.ezoshosting.com/cs/
B1FF is an archetype, and all you're showing us is one of the more amusing of
his many instantiations. - Howard E. Motteler <motteler at umbc.edu>
Ah, perhaps Arthur Clarke anticipated this in his celebrated short story,
"The Nine Million Names Of B1FF"? - Nosy <ataylor at nmsu.edu>
More information about the fedora-list
mailing list