I see now said the blind man, I either get rid of the subnet mask or
use: 255.255.255.255 and it works now.....now I can't get it to filter
out napster here is what I have :
acl denied_domains dst .napster.com
http_access deny denied_domains
nothing happens it still is accessed, I have also tried this:
acl denied_domains dstdomain .napster.com
as well as :
acl denied_domains dst www.napster.com
and so on, any help there? thanks,
Fels wrote:
>
> > ok here I go again. I have this:
> >
> > acl discflo src 192.168.0.0/255.255.255.0
> > acl denied src 192.168.0.55/255.255.255.0
> > acl all src 0.0.0.0/0.0.0.0
> >
> > http_access allow discflo
> > http_access deny denied
> > http_access deny all
> >
> > no one gets denied, the one I want to deny is 192.168.0.55, as you can
> > se in the ACL.
>
> Okay, no one gets denied here because everything in the 192.168.0.x subnet
> matches the acl discflo. None of the sources, included 192.168.0.55 makes
> it to the http_access deny line.
>
> Try reversing it... like this:
>
> http_access deny denied
> http_access allow discflo
> http_access deny all
>
> > conversely I have tried this too:
> > with the same ACL's from above I tried:
> >
> > http_acces deny discflo
> > http_access allow denied
> > http_access deny all
> >
> > and noone gets access....I thought that the rules matched, it looks like
> > they do but I guess not. once again I am confused, thanks
>
> no one gets access because EVERYTHING in 192.168.0.x matches the first
> http_access line. Therefore, everyone on this subnet gets denied.
>
> Hope I've helped!
>
> Craig
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Mon Dec 18 2000 - 17:32:35 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:01 MST