Hi Thomas
I am not familiar too, but I write my acl-s different
I deny every trafic I don't want to have
the http_access allow Safe_ports ... allows everything i htink
the restrictions would I write
acl time1 time 08:00-10:00
acl time2 time 10:00-12:00
http_access deny slot1_ip !time1
http_access deny slot2_ip !time2
Alexander
--- thomas [EMAIL PROTECTED] wrote:
Dear All
Requirement has arisen to provide access to a group of machine
categorized based on IP address.
ACL created is as follows:-
acl fulltime_ip 10.10.10.40-10.10.10.254
acl slot1_ip src 10.10.10.25 10.10.10.3010.10.10.35
acl slot1_time time 08:00-10:00
acl slot2_ip src 10.10.10.39 10.10.10.40 10.10.10.41
acl slot2_time time 10:00-12:00
acl CONNECT method CONNECT
acl ncsa_users proxy_auth REQUIRED
HTTP_ACCESS statements are as follows:-
http_access allow localhost
http_access allow ncsa_users
http_access allow slot1_ip slot1_time
http_access allow slot2_ip slot2_time
http_access allow fulltime_ip
http_access allow Safe_ports
http_reply_access allow all
icp_access allow all
miss_access allow all
http_access allow SSL_ports
http_access deny all
Q1= With above ACL and http_access, machines are not getting denied
though they are supposed to be denied apart from their specified time
slot.
Q2= Is the http_access sequence OK? If not what should be?
Q3= Please suggest better way of doing the same?
Q4= Similar to http_access sequence, should I have to take care of acl
statement sequence too?
TIA
__
Do you Yahoo!?
The all-new My Yahoo! - Get yours free!
http://my.yahoo.com
