From: Lenya Khachaturov <lenyak@mail.ru>
To: Mandrake <mandrake-russian@linuxteam.iplabs.ru>
Subject: [mdk-re] Re: [mdk-re] Re: [mdk-re] Настройка Squid
Date: Wed Dec 27 19:10:01 2000
Message-ID: <797998671.20001227191109@mail.ru> (raw)
In-Reply-To: <003f01c06fca$5dae39f0$0500000a@sasha>
Hello Mandrake,
Wednesday, December 27, 2000, 9:00:50 AM, you wrote:
M> SQUID.CONF:
M> # If none of the "access" lines cause a match, the default is the
M> # opposite of the last line in the list. If the last line was
M> # deny, then the default is allow. Conversely, if the last line
M> # is allow, the default will be deny. For these reasons, it is a
M> # good idea to have an "deny all" or "allow all" entry at the end
M> # of your access lists to avoid potential confusion.
Ну и что? Это я читал. Правило http_access allow manager localhost lenya georges
стоит первым, по нему и должен пускать. Более того, если он не находит
ни одного совпадения, он берет отрицание последней строчки. Там стоит
deny, значит получается allow и тогда пускает всех. Все же правильно.
Или нет?
M> Regards to All
M> Alexandr Redko
M> LU # 178842
M> ICQ # 75828152
M> ----- Original Message -----
M> From: "Lenya Khachaturov" <lenyak@mail.ru>
M> To: <mandrake-russian@linuxteam.iplabs.ru>
M> Sent: Tuesday, December 26, 2000 9:44 PM
M> Subject: [mdk-re] Настройка Squid
>> Hello mandrake-russian,
>>
>> Что-то у меня не получается правильно настроить ACL, пишу
>> следующее:
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl root src 127.0.0.1/255.255.255.255
>> acl georges src 192.168.0.1/255.255.255.0
>> acl lenya src 192.168.0.2/255.255.255.0
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl manager proto cache_object
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 21 443 563 70 210 1025-65535
>> acl CONNECT method CONNECT
>>
>> http_access allow manager localhost lenya georges
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny all
>>
>> По идее, при таких настройках он должен пускать ТОЛЬКО юзеров с IP
M> 192.168.0.1 и
>> 192.168.0.2, на самом деле не пускает вообще никого. Если закомментировать
>> последнюю строчку, начинает пускать всех без разбору. Почему? Он же
>> смотрит до первого совпадения с правилом, а на остальное забивает!
--
Best regards,
Lenya mailto:lenyak@mail.ru
prev parent reply other threads:[~2000-12-27 19:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-12-26 21:43 Lenya Khachaturov
2000-12-27 8:52 ` [mdk-re] " Mandrake
2000-12-27 19:10 ` Lenya Khachaturov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=797998671.20001227191109@mail.ru \
--to=lenyak@mail.ru \
--cc=mandrake-russian@linuxteam.iplabs.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git