Thu 2003-05-22 at 11:34, Winanjaya wrote:
> http_access allow it_user1
> http_access allow it_user2
> http_access allow nodownload1
> http_access allow nodownload2
>
> http_access deny GET office_hours nodownload1 nodownload2
> http_access deny all
There are two errors here:
a) You have already allowed access in the lines above. The order of your
http_access rules is important. The first matching http_access line
tells if the request is allowed or denied.
b) nodownload1 and nodownload2 are conflicting. A single request cannot
come both from src 192.168.1.10 and src 192.168.1.11.
What you should do is to
1. Move the http_access deny line up before your allow lines.
2. Merge your nodownload* acls into one single nodownload acl including
all the ip addresses. You should probably also do the same with the
it_user* acls..
Which gives a configuration looking something like this:
acl download urlpath_regex -i \.exe$
acl office_hours time 09:00-17:00
acl GET method GET
acl it_user src 192.168.1.88 192.168.1.89
acl nodownload src 192.168.1.10 192.168.1.11
http_access deny nodownload GET office_hours
http_access allow nodownload
http_access allow it_user
http_access deny all
Note: You may split the acl definitions on multiple lines if you prefer.
acl nodownload src 192.168.1.10
acl nodownload src 192.168.1.11
Or have the IP addresses in a separate file (one address per line)
acl nodownload src "/path/to/nodownload.txt"
Regards
Henrik
Received on Thu May 22 2003 - 05:22:46 MDT
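The two points in the reply above (first match wins; ACL names on one http_access line are ANDed while the values inside one ACL are ORed) can be checked with a small model of the rule evaluation. This is an added example, not Squid code and not part of the original message; the function names are hypothetical, and the split of the two it_user addresses between it_user1 and it_user2 is an assumption.

```python
from datetime import time

def build_acls(src_acls):
    """src_acls maps an ACL name to its set of client IPs (values are ORed)."""
    acls = {n: (lambda r, ips=ips: r["src"] in ips) for n, ips in src_acls.items()}
    acls["GET"] = lambda r: r["method"] == "GET"
    acls["office_hours"] = lambda r: time(9, 0) <= r["time"] <= time(17, 0)
    acls["all"] = lambda r: True
    return acls

def evaluate(rules, acls, request):
    """Return the action of the first rule whose ACLs ALL match (AND)."""
    for action, names in rules:
        if all(acls[n](request) for n in names):
            return action
    return None  # not reached here: every rule set below ends in "deny all"

def decide(rules, src_acls, src, method, when):
    request = {"src": src, "method": method, "time": when}
    return evaluate(rules, build_acls(src_acls), request)

# Rules as quoted in the question (it_user1/it_user2 address split is assumed).
ORIGINAL_ACLS = {"it_user1": {"192.168.1.88"}, "it_user2": {"192.168.1.89"},
                 "nodownload1": {"192.168.1.10"}, "nodownload2": {"192.168.1.11"}}
ORIGINAL_RULES = [("allow", ["it_user1"]), ("allow", ["it_user2"]),
                  ("allow", ["nodownload1"]), ("allow", ["nodownload2"]),
                  ("deny", ["GET", "office_hours", "nodownload1", "nodownload2"]),
                  ("deny", ["all"])]
# Same rules with only the deny line moved to the top: error b) remains.
REORDERED_RULES = [ORIGINAL_RULES[4]] + ORIGINAL_RULES[:4] + [ORIGINAL_RULES[5]]

# Rules as suggested in the reply: merged ACLs, deny line first.
FIXED_ACLS = {"it_user": {"192.168.1.88", "192.168.1.89"},
              "nodownload": {"192.168.1.10", "192.168.1.11"}}
FIXED_RULES = [("deny", ["nodownload", "GET", "office_hours"]),
               ("allow", ["nodownload"]), ("allow", ["it_user"]),
               ("deny", ["all"])]

if __name__ == "__main__":
    sample = ("192.168.1.10", "GET", time(10, 30))  # constructed request
    for label, rules, acls in [("original", ORIGINAL_RULES, ORIGINAL_ACLS),
                               ("reordered only", REORDERED_RULES, ORIGINAL_ACLS),
                               ("fixed", FIXED_RULES, FIXED_ACLS)]:
        print(f"{label:15s} -> {decide(rules, acls, *sample)}")
```

The "reordered only" case shows why moving the deny line is not enough on its own: with nodownload1 and nodownload2 on the same line, the deny rule can never match.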