Re: limit access with acl only based on source and destination domain

On 03/05/17 12:40, Blaxton wrote:
> Hi
>
> I am trying to limit the outbound connection based on list of domain names defined
> in srcdomain and dstdomain.
>
> Here is the acl:
>
> acl From_Source_Domains srcdomain domain1 domain2 domain3
> acl To_Destination_Domains dstdomain domain4 domain5 domain6
>
> Now some web sites say the below is considered OR, and it is working for me:
> http_access allow From_Source_Domains
> http_access allow To_Destination_Domains
>
> And some web sites say the below is considered AND, but it is not working for me:
> http_access allow From_Source_Domains To_Destination_Domains
>
> I am assuming since I have not allowed any port, then port should be disabled
> but it is not, on OR of the src and dst domains.

No, ports are not part of that line's rule. There is no enable/disable - they are simply irrelevant when processing that line.

Traffic which gets filtered by that line coming from any client whose IP address rDNS matches one of the "From_Source_Domains" AND URL contains one of the "To_Destination_Domains" gets allowed into Squid.


> If I add
> acl http_port port 80
> http_access allow http_port
>
> Then it allows traffic from any source to any destination if port is 80.
>
> Kind of confusing and need a bit of help.

The "how" is simple:

http_access lines are processed from top to bottom, left to right. First fully matching line wins and its action (allow or deny) happens.

<wiki.squid-cache.org/SquidFaq/OrderIsImportant>
<http://wiki.squid-cache.org/SquidFaq/SquidAcl#The_Basics:_How_the_parts_fit_together>
<http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes>

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
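
The evaluation order described in the reply above, as an added Python model; it is not part of the original thread and is not Squid code. The `.example` domain names, the request tuples and the rule-list layout are constructed for illustration, and the client's reverse-DNS name is passed in directly instead of being looked up.

```python
def domain_match(host, patterns):
    """'.example.com' covers the domain and its subdomains; 'example.com' is exact."""
    host = host.lower().rstrip(".")
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

# Constructed ACLs mirroring the thread; the domain names are placeholders.
ACLS = {
    "From_Source_Domains": lambda r: domain_match(r["client_rdns"], [".corp.example"]),
    "To_Destination_Domains": lambda r: domain_match(r["url_host"], [".partner.example"]),
    "http_port": lambda r: r["url_port"] == 80,
    "all": lambda r: True,
}

def http_access(rules, req):
    """Lines are tried top to bottom; ACLs on one line are ANDed left to right.
    The first fully matching line decides. If nothing matches, the result is the
    opposite of the last line's action (deny when there are no lines at all)."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"

BOTH = ["From_Source_Domains", "To_Destination_Domains"]
OR_RULES = [("allow", BOTH[:1]), ("allow", BOTH[1:])]   # two lines: src OR dst
AND_RULES = [("allow", BOTH)]                            # one line: src AND dst
PORT_RULES = AND_RULES + [("allow", ["http_port"])]      # extra line widens access
STRICT_RULES = [("allow", BOTH + ["http_port"]), ("deny", ["all"])]

# Constructed requests: (client rDNS name, URL host, URL port).
REQS = {
    "inside_to_partner": ("pc1.corp.example", "www.partner.example", 80),
    "inside_to_other": ("pc1.corp.example", "www.other.example", 80),
    "outside_to_other": ("host.elsewhere.example", "www.other.example", 80),
    "inside_to_partner_8080": ("pc1.corp.example", "www.partner.example", 8080),
}

def decide(rules, name):
    rdns, host, port = REQS[name]
    return http_access(rules, {"client_rdns": rdns, "url_host": host, "url_port": port})

if __name__ == "__main__":
    for label, rules in (("OR", OR_RULES), ("AND", AND_RULES),
                         ("AND + port line", PORT_RULES), ("strict", STRICT_RULES)):
        print(label, {n: decide(rules, n) for n in REQS})
```

In this model the separate port line admits the outside client because it is its own rule; putting the port ACL on the same line as the two domain ACLs, followed by an explicit deny, is what restricts access to all three conditions at once.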



