Re: Hole in my thinking - still

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Bobby wrote:
> On Thursday 14 June 2007 08:58:57 you wrote:
> > Bobby wrote:
> > > On Monday 11 June 2007 18:23:58 Henrik Nordstrom wrote:
> > > > mån 2007-06-11 klockan 17:12 -0400 skrev Bobby:
> > > > > Hi,
> > > > >
> > > > > This is not resolving. Rather than debugging my setup please tell me
> > > > > how you would configure it.
> > > > >
> > > > > What I'm looking at is how do I specify different machines to be able
> > > > > to access only certain websites?
> > > > >
> > > > > Let's say,
> > > > > 172.16.10.16-31 are managers who can go anywhere and
> > > > > 172.16.10.96-254 are operators with limited access like only to
> > > > > .google.com and .paypal.com.
> > > > # Allow managers unrestricted access
> > > > acl managers src ...
> > > > http_access allow managers
> > > >
> > > > # Allow operators access to a restricted set of sites
> > > > acl operators src ...
> > > > acl operator_sites dstdomain .google.com .paypal.com
> > > > http_access allow operators operator_sites
> > > >
> > > > # And deny all other access
> > > > http_access deny all
> > > Those three dots should mean the IP's, right?
> > > Then not having anything after allow managers means "all"?
> > um, um, no,no,....
> > .... I think I finally see whats in your head.
> > You are thinking there are implicit defaults involved in each rule right?
<snip>
> > Amos
>
> No I can't say that I did. :) What I did not know was that each IP needed the 
> mask. I had the idea it would recognize a single IP as just one.n

Ok, I my have misunderstood something somewhere myself.

IIRC what I pointed out was that '0.0.0.0' would not match any single 
global IP squid is going to see (you originally had it in the list of 
valid sources, I thought you meant 'all' by it).
No webserver would be serving on public IP 0.0.0.0 and no client would 
be assigned public IP 0.0.0.0. Thus 0.0.0.0 usually only mentioned with 
/0 meaning all, useless otherwise. I mentioned nothing about the other 
IPs (which might be just single global IPs).

Either masked or unmasked is correct for single IPs.
But ever mind, later suggestions at configs are better than the initial 
you started with anyway.


> My question
> here was based on the fact that you added three periods and I did not know if 
> that had a specific meaning or you were indicating that I should replace them 
> with whatever IP's I had.

Not mentioned by me, maybe Henrik, but I came to the same assumption 
reading it.

Amos