On Monday 16 September 2024 at 20:06:41, Piana, Josh wrote:
> How I understand the rules are as follows:
> > http_access deny !localnet
>
> This denies HTTP traffic to what I defined as "localnet".
No; firstly the "localnet" ACL is defined by *source* address, therefore
"localnet" matches traffic *from* your local network.
Secondly the ! negates this, therefore "!localnet" matches any source address
which is *not* in your local network.
Therefore "http_access deny !localnet" denies any access from an address not
in your local network.
> > http_access allow localnet
This then allows access from any address which *is* in your local network.
Now, having matched all traffic not from your local network, and all traffic which
is from your local network, you have accounted for all possible traffic,
therefore any other rules have no effect.
Hope this helps,
Antony.
--
Because it messes up the order in which people normally read text.
> Why is top-posting such a bad thing?
> > Top-posting.
> > > What is the most annoying way of replying to e-mail?
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
