Hi Thomas,

I am not familiar either, but I write my ACLs differently:
I deny all traffic I don't want to have.

The "http_access allow Safe_ports" ... allows everything, I think.

The restrictions I would write as:

acl time1 time 08:00-10:00
acl time2 time 10:00-12:00
http_access deny slot1_ip !time1
http_access deny slot2_ip !time2

Alexander

--- thomas <thomas.xavier@xxxxxxxxx> wrote:
> Dear All
> A requirement has arisen to provide access to a group of machines
> categorized based on IP address.
>
> ACL created is as follows:-
>
> acl fulltime_ip 10.10.10.40-10.10.10.254
> acl slot1_ip src 10.10.10.25 10.10.10.30 10.10.10.35
> acl slot1_time time 08:00-10:00
> acl slot2_ip src 10.10.10.39 10.10.10.40 10.10.10.41
> acl slot2_time time 10:00-12:00
> acl CONNECT method CONNECT
> acl ncsa_users proxy_auth REQUIRED
>
> HTTP_ACCESS statements are as follows:-
>
> http_access allow localhost
> http_access allow ncsa_users
> http_access allow slot1_ip slot1_time
> http_access allow slot2_ip slot2_time
> http_access allow fulltime_ip
> http_access allow Safe_ports
> http_reply_access allow all
> icp_access allow all
> miss_access allow all
> http_access allow SSL_ports
> http_access deny all
>
> Q1= With the above ACL and http_access, machines are not getting denied
> though they are supposed to be denied apart from their specified time
> slot.
>
> Q2= Is the http_access sequence OK? If not, what should it be?
>
> Q3= Please suggest a better way of doing the same?
>
> Q4= Similar to the http_access sequence, should I have to take care of
> the acl statement sequence too?
>
> TIA
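
The rule ordering discussed in this thread, as an added example that is not part of either message: a small Python model of Squid's first-match http_access evaluation, run over the original rule list and over the same list with the two deny rules from the reply placed first (that placement is this example's choice). The localhost, Safe_ports and SSL_ports definitions are assumptions because the thread does not show them, and fulltime_ip is modelled as a src range.

```python
from datetime import time
from ipaddress import ip_address

def window(h1, h2):  # half-open [h1:00, h2:00); boundary handling is simplified
    return lambda r: time(h1) <= r["now"] < time(h2)

def members(*ips):
    return lambda r: r["src"] in ips

# ACL names come from the thread; localhost, Safe_ports and SSL_ports values
# are assumptions, and fulltime_ip is treated as a src address range.
ACLS = {
    "localhost": members("127.0.0.1"),
    "ncsa_users": lambda r: r["authenticated"],
    "slot1_ip": members("10.10.10.25", "10.10.10.30", "10.10.10.35"),
    "slot2_ip": members("10.10.10.39", "10.10.10.40", "10.10.10.41"),
    "fulltime_ip": lambda r: ip_address("10.10.10.40")
        <= ip_address(r["src"]) <= ip_address("10.10.10.254"),
    "slot1_time": window(8, 10), "time1": window(8, 10),
    "slot2_time": window(10, 12), "time2": window(10, 12),
    "Safe_ports": lambda r: r["port"] in {21, 80, 443},
    "SSL_ports": lambda r: r["port"] == 443,
    "all": lambda r: True,
}

# http_access lines only; the other *_access directives are separate lists.
ORIGINAL = """allow localhost
allow ncsa_users
allow slot1_ip slot1_time
allow slot2_ip slot2_time
allow fulltime_ip
allow Safe_ports
allow SSL_ports
deny all"""
DENY_FIRST = "deny slot1_ip !time1\ndeny slot2_ip !time2\n" + ORIGINAL

def decide(rules, req):
    """First line whose ACLs all match (AND, with ! negation) decides."""
    for line in rules.splitlines():
        action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # Squid's default when nothing matches: opposite of the last rule.
    return ("deny" if action == "allow" else "allow"), "(default)"

# Constructed request: a slot1 machine, outside its slot, plain HTTP.
LATE = {"src": "10.10.10.25", "now": time(11, 0), "port": 80,
        "authenticated": False}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("deny-first", DENY_FIRST)):
        print(name, "->", decide(rules, LATE))
```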