In what order does acls work


by Siju George

Hi,

Do the acls work according to the "first matching" rule principle?

I want to allow only certain people to access certain hosts.

I wrote the acl

acl quant-srvs dstdomain "/etc/pf-tables/quant-srvs"
acl quant-admins srcdomain "/etc/pf-tables/quant-admins"
http_access allow quant-admins
http_access deny quant-srvs

It still seems to block "quant-admins" from accessing "quant-srvs"

Thanks

--Siju

Re: In what order does acls work

by Amos Jeffries-2

Siju George wrote:
> Hi,
>
> Do the acls work according to the "first matching" rule principle?

Yes. Top-down, left-to-right within each *_access grouping.

>
> I want to allow only certain people to access certain hosts.
>
> I wrote the acl
>
> acl quant-srvs dstdomain "/etc/pf-tables/quant-srvs"
> acl quant-admins srcdomain "/etc/pf-tables/quant-admins"
> http_access allow quant-admins
> http_access deny quant-srvs
>
> It still seems to block "quant-admins" from accessing "quant-srvs"

Then the visitor's rDNS domain name is not matching the listed
"quant-admins" domains.

There is nothing more we can offer without seeing the data you have in
front of you.

Amos
--
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14

Re: In what order does acls work

by Siju George

On Tue, Nov 3, 2009 at 4:50 PM, Amos Jeffries <squid3@...> wrote:

>> It still seems to block "quant-admins" from accessing "quant-srvs"
>
> Then the visitor's rDNS domain name is not matching the listed
> "quant-admins" domains.

I didn't get you :-(

> There is nothing more we can offer without seeing the data you have in front
> of you.
>

Could you please let me know what data I should provide?

thanks

--Siju

Re: In what order does acls work

by Amos Jeffries-2

Siju George wrote:
> On Tue, Nov 3, 2009 at 4:50 PM, Amos Jeffries <squid3@...> wrote:
>
>>> It still seems to block "quant-admins" from accessing "quant-srvs"
>>
>> Then the visitor's rDNS domain name is not matching the listed
>> "quant-admins" domains.
>
> I didn't get you :-(

Read your earlier explanation of what's happening and take a close look
at those rules.

Notice that 'srcdomain' is a test of the visitor's rDNS domain name.

Hint: The second line can only happen if the first line does not match.

>> There is nothing more we can offer without seeing the data you have in front
>> of you.
>>
>
> Could you please let me know what data I should provide?
>

The content of those two ACL files would be good along with info on how
you are testing it... from what IP(s) for what domains.

This page might be of some help to you:
http://wiki.squid-cache.org/SquidFaq/SquidAcl

Amos
--
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
   Current Beta Squid 3.1.0.14
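
The evaluation order discussed in this thread, as an added example that is not part of any poster's message and is not Squid code: a simplified Python model of http_access processing (top-down, ACLs on a line ANDed left to right, first matching line wins). The ACL file contents, host names and the helper names are constructed assumptions; a client whose reverse DNS lookup yields no name is modelled as None.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# ACL contents and client/host names are constructed for illustration.

def domain_matches(name, patterns):
    """srcdomain/dstdomain-style match: '.example' also covers subdomains."""
    if name is None:              # assumption: no rDNS name means no match
        return False
    name = name.lower().rstrip(".")
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if name == p[1:] or name.endswith(p):
                return True
        elif name == p:
            return True
    return False

ACLS = {
    "quant-srvs":   ("dstdomain", [".quant.example"]),         # constructed
    "quant-admins": ("srcdomain", ["admin-pc.corp.example"]),  # constructed
}

RULES = [  # same order as the http_access lines posted in the thread
    ("allow", ["quant-admins"]),
    ("deny",  ["quant-srvs"]),
]

def acl_matches(acl_name, request):
    kind, patterns = ACLS[acl_name]
    # srcdomain tests the client's reverse-DNS name, dstdomain the requested host
    value = request["client_rdns"] if kind == "srcdomain" else request["dst_host"]
    return domain_matches(value, patterns)

def http_access(request, rules=RULES):
    """Top-down; ACLs on one line are ANDed left to right; first match wins."""
    for action, acl_names in rules:
        if all(acl_matches(a, request) for a in acl_names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

def explain(client_rdns, dst_host):
    return http_access({"client_rdns": client_rdns, "dst_host": dst_host})

if __name__ == "__main__":
    print(explain("admin-pc.corp.example", "db1.quant.example"))  # PTR in admin list
    print(explain(None, "db1.quant.example"))                     # admin IP, no PTR
    print(explain("laptop7.corp.example", "www.other.example"))   # no line matches
```

The second case reproduces the symptom reported in the thread: when the client's reverse DNS name is not in the quant-admins list, the allow line is skipped and the deny line for quant-srvs decides the request.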