Dear All Requirement has arisen to provide access to a group of machine categorized based on IP address. ACL created is as follows:- acl fulltime_ip 10.10.10.40-10.10.10.254 acl slot1_ip src 10.10.10.25 10.10.10.30 10.10.10.35 acl slot1_time time 08:00-10:00 acl slot2_ip src 10.10.10.39 10.10.10.40 10.10.10.41 acl slot2_time time 10:00-12:00 acl CONNECT method CONNECT acl ncsa_users proxy_auth REQUIRED HTTP_ACCESS statements are as follows:- http_access allow localhost http_access allow ncsa_users http_access allow slot1_ip slot1_time http_access allow slot2_ip slot2_time http_access allow fulltime_ip http_access allow Safe_ports http_reply_access allow all icp_access allow all miss_access allow all http_access allow SSL_ports http_access deny all Q1= With above ACL and http_access, machines are not getting denied though they are supposed to be denied apart from their specified time slot. Q2= Is the http_access sequence OK? If not what should be? Q3= Please suggest better way of doing the same? Q4= Similar to http_access sequence, should I have to take care of acl statement sequence too? TIA
