>-----Original Message----- >From: Greg Whynott [mailto:greg.whynott@xxxxxxxxx] >Sent: Wednesday, April 04, 2012 5:04 PM >To: Squid Users >Subject: does a match on an ACL stop or continue? > >If i have a list of 10 ACLs and a client matches on ACL#4, will ACLs >#6-10 be considered or does squid stop evaluating the ACLs and preform the actions defined in ACL#4? > >example: > >if someone in the network 10.101.10.0/24 attempts to load "badsite.com", will they be denied with the ACLs below or will the TOS be modified and the site >loaded? > >acl execnetwork src 10.10.10.0/24 >tcp_outgoing_tos 0x38 execnetwork > >acl badsite url_regex -i badsite >http_access deny badsite > > >I ask as it appears to not be consistent with my current setup. > >thanks for your time, >greg Hi Greg As far as I know it stops when it hits a rule. Rules are "AND'd "or "OR'd" together. This is AND: Deny if URL is in badsite AND connection from execnetwork. http_access deny badsite execnetwork This is OR: Deny if connection from execnetwork OR URL is in badsite. http_access deny execnetwork http_access deny badsite Regards Jasper
