-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 1/01/2014 5:28 a.m., Brian J. Murrell wrote: > On Tue, 2013-12-31 at 23:28 +1300, Amos Jeffries wrote: >> >> Order IS important. > > Ahhh. This is interesting then. > >> Each rule depends on what the rules above it do and whether their >> side effects change the state depended on by the weird-acting >> ACL. > > This seems a strange situation to me. But so be it. Is there any > documentation describing how one http_reply_access rule can change > state such that it alters the application of rules subsequent to > it? > > If I can understand that, I can probably make sense of why moving > my rules around are changing their behavior. > > Cheers, b. > I dont think there is any documentation on this. I am expecting you will find something along the lines of ACL #1 being an auth ACL and finding that teh user is not logged in. That could set the status code to 407 and any ACLs following which rely on status code 200 fro example will then fail to match. Auth ACLs are one example, external ACL using auth or ident details, any other ACL which results in a error reply or redirection action (eg deny_info, but that only applies on deny lines). You will need to set the debug level to print out the ACL matching details to figure out eactly what is going on there. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSw6sDAAoJELJo5wb/XPRjyaAH/1w2+OPWwg5Xyd6fhpNiiZHB VFrjubOmcaT4FHiRh6ii2q9DqsPvbxFMK10AHORaDsRLWMPUQF+Zp1H/bPvD/RBS GLz59Qa9iiMQd8+H84xj/irVOXFpM23V82myRFkoLQdNSWz2VyYt4gH5wwgYsGr4 ElOeH0vq4Zwz18gZXbSzGLUi/aMI1s8qqdYMc4oi16DlsvwHted+s+D+gS/FuTZe 09/iARddKuChDVL722GRKIIRjL2sIQEoupT4kDuYuIFltuFDt7ZYJFeRy3u2fn5o Fg7DrGkCrKyhpjx4veJZlqG+tqNVh+9v9IwcIW8kwhk+aNpAoWWI3qFGDU4fp/I= =3ljP -----END PGP SIGNATURE-----