Bobby wrote:
On Monday 11 June 2007 18:23:58 Henrik Nordstrom wrote:
mån 2007-06-11 klockan 17:12 -0400 skrev Bobby:
Hi,
This is not resolving. Rather than debugging my setup please tell me how
you would configure it.
What I'm looking at is how do I specify different machines to be able to
access only certain websites?
Let's say,
172.16.10.16-31 are managers who can go anywhere and
172.16.10.96-254 are operators with limited access like only to
.google.com and .paypal.com.
# Allow managers unrestricted access
acl managers src ...
http_access allow managers
# Allow operators access to a restricted set of sites
acl operators src ...
acl operator_sites dstdomain .google.com .paypal.com
http_access allow operators operator_sites
# And deny all other access
http_access deny all
Those three dots should mean the IP's, right?
Then not having anything after allow managers means "all"?
um, um, no,no,....
.... I think I finally see whats in your head.
You are thinking there are implicit defaults involved in each rule right?
Lets see if this makes things any clearer for you:
http_access allow a
=> IF a is true -> allow
http_access allow b c
=> IF b is true AND c is true -> allow
http_access deny d e
=> IF d is true -> deny
Each acl are done is very similar way to see 'if its true'
acl src b
=> IS message is comming from IP b ? true/false
acl dst c
=> IS message is going to IP c ? true/false
etc. etc.
Amos
