On 12Feb2007 16:03, yogesh@xxxxxxxxxxxxxxx <yogesh@xxxxxxxxxxxxxxx> wrote: | hi i have a proxy server on squid | | i want to allow only bseindia.com site to my one user(only this site) | i make acl rule as follow | | acl yogesh_usr proxy_auth yogesh | acl yogesh_ip src 10.1.1.53 | acl rul_1 dstdomain .bseindia.com | http_access allow rul_1 yogesh_usr yogesh_ip | http_access deny !rul_1 !yogesh_usr !yogesh_ip | | | but this rules will not work | it provide access to all the web | | i want to allow one bseindia so how it possible The defaulkt behaviour for a control directive like http_access, for an acess which does NOT match ANY of the ACLs, is to use the opposite of the last rule. Your last rule was a deny, therefore any access that do not match any of the ACLs will be allowed. You want a sequence like this: http_access allow yogesh_usr yogesh_ip rul_1 http_access deny yogesh_usr So you explicitly allow the desired access for yogesh_usr, and then reject all other access by yogesh_usr. People who are not yogesh_usr will match neither rule, and so be allowed. Cheers, -- Cameron Simpson <cs@xxxxxxxxxx> DoD#743 http://www.cskk.ezoshosting.com/cs/ B1FF is an archetype, and all you're showing us is one of the more amusing of his many instantiations. - Howard E. Motteler <motteler@xxxxxxxx> Ah, perhaps Arthur Clarke anticipated this in his celebrated short story, "The Nine Million Names Of B1FF"? - Nosy <ataylor@xxxxxxxx>
