On tis, 2007-08-07 at 15:03 +0000, Vadim Pushkin wrote: > OK, so now I have these questions: > > 1. Which ones of these regex'es is the right one to use? > > acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ > > OR. > > acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ neither. dstdom_regex is the right acl type. > 2. The following will first allow all IP's as per acl numeric_IPs so > as long > as they are a member of allowed-CONNECT, then afterwards do a deny for > acl > numeric_IPs, which will be all other IP's? > > http_access allow CONNECT numeric_IPs allowed-CONNECT > http_access deny CONNECT numeric_IPs I would recommend to just deny unwanted stuff here, and let the allows go down to where you normally allow stuff. http_access deny CONNECT !allowed-CONNECT numeric_IPs Regards Henrik
Attachment:
signature.asc
Description: This is a digitally signed message part
