>-Original Message-
>From: Greg Whynott [mailto:greg.whyn...@gmail.com]
>Sent: Wednesday, April 04, 2012 5:04 PM
>To: Squid Users
>Subject: [squid-users] does a match on an ACL stop or continue?
>
>If i have a list of 10 ACLs and a client matches on ACL#4, will ACLs
>#6-10 be considered or does squid stop evaluating the ACLs and preform the
>actions defined in ACL#4?
>
>example:
>
>if someone in the network 10.101.10.0/24 attempts to load "badsite.com", will
>they be denied with the ACLs below or will the TOS be modified and the site
>>loaded?
>
>acl execnetwork src 10.10.10.0/24
>tcp_outgoing_tos 0x38 execnetwork
>
>acl badsite url_regex -i badsite
>http_access deny badsite
>
>
>I ask as it appears to not be consistent with my current setup.
>
>thanks for your time,
>greg
Hi Greg
As far as I know it stops when it hits a rule. Rules are "AND'd "or "OR'd"
together.
This is AND:
Deny if URL is in badsite AND connection from execnetwork.
http_access deny badsite execnetwork
This is OR:
Deny if connection from execnetwork OR URL is in badsite.
http_access deny execnetwork
http_access deny badsite
Regards
Jasper
