RE: [squid-users] Access Lists from Paul Harlow on 2001-11-01 (squid-users)

From: Paul Harlow <PHarlow@dont-contact.us>
Date: Thu, 1 Nov 2001 09:06:54 -0700

So now I'm lost then...
Now it's sounding like the original input of:
> acl jkanepc src 10.9.1.112/255.255.255.255
> acl jkane dstdom_regex adams
> http_access allow jkane jkanepc

should work, right? This is how it's set up now and how it appears to be
working. The way I'm reading this is that the first line defines the source
with and access list named "jkanepc", the second line defines allowed
destinations with the word "adams" in the address, and the last line ties
the two together.
But from previous emails here you're saying that this is not true...
I don't get it.

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, October 31, 2001 2:22 PM
To: Paul Harlow; Squid Users
Subject: Re: [squid-users] Access Lists

No. A acl name can only be of a single type.

And even if the below was possible, it would not be the same thing as it
then would allow access to domains having the string "adams" OR from
10.9.1.112.

Regards
Henrik Nordström
Squid Hacker

Paul Harlow wrote:
>
> So with this in mind could I do the following:
>
> acl jkane src 10.9.1.112/255.255.255.255
> acl jkane dstdom_regex adams
> http_access allow jkane
>
> Instead? Simpler and from what you've stated, if I understand correctly,
> this would do the same thing. Correct?
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Wednesday, October 31, 2001 10:52 AM
> To: Paul Harlow
> Cc: Squid Users (E-mail)
> Subject: Re: [squid-users] Access Lists
>
> Paul Harlow wrote:
>
> > acl jkanepc src 10.9.1.112/255.255.255.255
> > This one allows "jkanepc" with a source address of 10.9.1.112...
>
> Not quite. It defines the acl list "jkanepc" that can later be used to
> allow/deny access in http_access.
>
> > acl jkane dstdom_regex adams
> > I'm assuming that the access list name is "jkane" and that this will
read
> > anything with the name "adams" in the address field.
>
> Exacly.
>
> > http_access allow jkane jkanepc
> > Finally, this ties the two together if I'm not mistaken. It ties the
list
> > "jkane" with the "jkanepc" address, correct?
>
> Sort of.
>
> To be specific it allows the request if it matches both the "jkane" and
> "jkanepc" acl lists.
>
> Regards
> Henrik Nordström
Received on Thu Nov 01 2001 - 08:59:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:49 MST