From: Lenya Khachaturov <lenyak@mail.ru> To: Mandrake <mandrake-russian@linuxteam.iplabs.ru> Subject: [mdk-re] Re: [mdk-re] Re: [mdk-re] Настройка Squid Date: Wed Dec 27 19:10:01 2000 Message-ID: <797998671.20001227191109@mail.ru> (raw) In-Reply-To: <003f01c06fca$5dae39f0$0500000a@sasha> Hello Mandrake, Wednesday, December 27, 2000, 9:00:50 AM, you wrote: M> SQUID.CONF: M> # If none of the "access" lines cause a match, the default is the M> # opposite of the last line in the list. If the last line was M> # deny, then the default is allow. Conversely, if the last line M> # is allow, the default will be deny. For these reasons, it is a M> # good idea to have an "deny all" or "allow all" entry at the end M> # of your access lists to avoid potential confusion. Ну и что? Это я читал. Правило http_access allow manager localhost lenya georges стоит первым, по нему и должен пускать. Более того, если он не находит ни одного совпадения, он берет отрицание последней строчки. Там стоит deny, значит получается allow и тогда пускает всех. Все же правильно. Или нет? M> Regards to All M> Alexandr Redko M> LU # 178842 M> ICQ # 75828152 M> ----- Original Message ----- M> From: "Lenya Khachaturov" <lenyak@mail.ru> M> To: <mandrake-russian@linuxteam.iplabs.ru> M> Sent: Tuesday, December 26, 2000 9:44 PM M> Subject: [mdk-re] Настройка Squid >> Hello mandrake-russian, >> >> Что-то у меня не получается правильно настроить ACL, пишу >> следующее: >> >> acl all src 0.0.0.0/0.0.0.0 >> acl root src 127.0.0.1/255.255.255.255 >> acl georges src 192.168.0.1/255.255.255.0 >> acl lenya src 192.168.0.2/255.255.255.0 >> acl localhost src 127.0.0.1/255.255.255.255 >> acl manager proto cache_object >> acl SSL_ports port 443 563 >> acl Safe_ports port 80 21 443 563 70 210 1025-65535 >> acl CONNECT method CONNECT >> >> http_access allow manager localhost lenya georges >> http_access deny manager >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access deny all >> >> По идее, при таких настройках он должен пускать ТОЛЬКО юзеров с IP M> 192.168.0.1 и >> 192.168.0.2, на самом деле не пускает вообще никого. Если закомментировать >> последнюю строчку, начинает пускать всех без разбору. Почему? Он же >> смотрит до первого совпадения с правилом, а на остальное забивает! -- Best regards, Lenya mailto:lenyak@mail.ru
prev parent reply other threads:[~2000-12-27 19:10 UTC|newest] Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top 2000-12-26 21:43 Lenya Khachaturov 2000-12-27 8:52 ` [mdk-re] " Mandrake 2000-12-27 19:10 ` Lenya Khachaturov [this message]
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=797998671.20001227191109@mail.ru \ --to=lenyak@mail.ru \ --cc=mandrake-russian@linuxteam.iplabs.ru \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git