On Wed, 19 Jan 2000, Claudiu Balciza wrote:
> > > acl acl1 src claudiu.altex.ro
> > > acl acl2 dstdomain btr.ro
> > > http_access allow acl1 acl2
> > > http_access deny all
> >
> > Neither! The first ACL that matches dictates the behaviour.
> >
>
> then I ask you, how do I limit the access of given users to a given
> domain ?
Well, in the example you'd given, connections are allowed FROM only
claudiu.altex.ro site/machine. Furthermore, Connections are allowed TO
only btr.ro site.
So in this case, you've been lucky; you have effectively limited
connections TO a single site FROM a single site/machine. Therefore even
though squid uses the first ACL it sees, in your case this is good enough.
I think IPCHAINS might be a better solution for what you are trying to
achieve here.
Another solution that *might* suit you better is to use apache in accel
mode (which is apache's name for running as a proxy). Apache probably
gives you more control than mere ACLs.
Hossein
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
