Hi Matus

All my other http_access rules are either based on a single "acl src",
"acl dst" (and variants) or "acl src, acl dst". The question (and not
a problem) is whether I can have a http_access rule that is built from
a: "acl src, acl dst and acl port"?

Anyhow Amos Jeffries replied to me in private and taught me that it can be done...



TIA
Paolo






On Sun, Feb 19, 2012 at 1:13 PM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
>>> On 16.02.12 15:51, Paolo Supino wrote:
>>>>
>>>> I have the following scenario: I have a subnet that needs to get out
>>>> on the internet to 2 different subnets. To subnet1 it needs to be able
>>>> to access only in HTTP while to subnet2 it needs to be able to access
>>>> only in HTTPS. Is it possible to do the following:
>>>>
>>>> acl source_subnet src 192.168.100.0/255.255.255.0
>>>> acl destination_subnet1 dst 172.16.0.0/255.255.0.0
>>>> acl destination_subnet2 dst 172.31.0.0/255.255.0.0
>>>> acl HTTP_PORT port 80
>>>> acl SSL_PORT port 443
>>>>
>>>> http_access allow source_subnet destination_subnet1 HTTP_PORT
>>>> http_access allow source_subnet destination_subnet2 SSL_PORT
>
>
>> On Fri, Feb 17, 2012 at 9:55 AM, Matus UHLAR - fantomas
>> <uh...@fantomas.sk> wrote:
>>>
>>> do you have any other http_access directives in the config?
>
>
> On 17.02.12 14:34, Paolo Supino wrote:
>>
>>  Yes I have a few http_access rules in my squid.conf (7 to be
>> precise), but I can't fold this ACL into the other ACLs I have (I
>> would have done it if I could).
>
>
> and what exactly is your problem? is other access to those two also allowed?
> Or is the access you need denied?
> For the former case, you are allowing access but you are not denying
> anything, or at least not with these directives. That might be your problem.
>
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Windows 2000: 640 MB ought to be enough for anybody
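
Added example, not part of the thread and not Squid's own code: a small Python model of how the http_access lines above are evaluated (ACLs on one line are ANDed, the first matching line decides, and when no line matches Squid applies the opposite of the last line). The broad `allow source_subnet` rule and the sample request addresses are assumptions standing in for the other rules the thread does not show.

```python
import ipaddress
from collections import namedtuple

# Simplified request: client IP, destination IP, destination port (constructed model).
Request = namedtuple("Request", "src dst port")

def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

# The five ACLs from the thread, as predicates over a request.
ACLS = {
    "source_subnet":       lambda r: in_net(r.src, "192.168.100.0/255.255.255.0"),
    "destination_subnet1": lambda r: in_net(r.dst, "172.16.0.0/255.255.0.0"),
    "destination_subnet2": lambda r: in_net(r.dst, "172.31.0.0/255.255.0.0"),
    "HTTP_PORT":           lambda r: r.port == 80,
    "SSL_PORT":            lambda r: r.port == 443,
}

def http_access(rules, req):
    """rules: list of (action, [acl names]) in squid.conf order."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):  # ACLs on one line are ANDed
            return action                     # first matching line decides
    # No line matched: the opposite of the last line's action applies.
    return "deny" if rules[-1][0] == "allow" else "allow"

THREAD_RULES = [
    ("allow", ["source_subnet", "destination_subnet1", "HTTP_PORT"]),
    ("allow", ["source_subnet", "destination_subnet2", "SSL_PORT"]),
]
# Assumption: one of the other, unshown rules allows the whole source subnet.
BROAD = ("allow", ["source_subnet"])
WITH_BROAD = THREAD_RULES + [BROAD]
# Explicit denies placed before the broad rule close the gap.
HARDENED = THREAD_RULES + [
    ("deny", ["source_subnet", "destination_subnet1"]),
    ("deny", ["source_subnet", "destination_subnet2"]),
    BROAD,
]

if __name__ == "__main__":
    https_to_subnet1 = Request("192.168.100.10", "172.16.5.5", 443)  # constructed
    for name, rules in [("thread rules only", THREAD_RULES),
                        ("with broad allow", WITH_BROAD),
                        ("with explicit denies", HARDENED)]:
        print(f"{name}: {http_access(rules, https_to_subnet1)}")
```

The model ignores DNS resolution for `dst` and every other ACL type; it only shows why the two allow lines restrict nothing once a later line allows the same source.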
