mån 2009-09-21 klockan 13:54 -0700 skrev Guy Bashkansky: > Using Squid as a reverse cache proxy, need to give access only to > clients whose IP addresses are from particular netblocks: > > acl service dstdomain .foo.com > acl clients src 123.45.67.89/255.255.255.128 > http_access deny service all > http_access allow service clients > > What may be the possible reason that clients with IP addresses not > from that netblock can still access the service? The above would deny everyone access. http_access is read top-down and the first matching rule is used. Any rules following that is ignored. Probably you have other http_access rules above allowing access.. Regards Henrik
