> Well, you're only matching "not-my-network". You should have
> more http_access commands, even by default. Show the rest of
> them. I think this would be more appropriate:
>
> http_access allow internal
> http_access deny all
>
> That would first let the right people surf, and then deny
> everything else.
> acl internal src 10.1.1.0/24
> http_access deny !internal

When you say "not-my-network" do you mean I defined my network, never allowed my network and then denied everything but my network? If so, I have effectively not allowed anything. No?

I am trying to get a better feel for the syntax, hence my above questions. And again thanks for the patience.

Then perhaps with my notes to the right:

acl internal src 10.1.1.0/24    #defines my internal lan
http_access allow internal      #allows the internal lan access
http_access deny all            #denies all others

As you requested here are the additional http_access lines from much further into the file.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl myclients src 10.1.1.0/24
http_access allow myclients
# And finally deny all other access to this proxy
http_access deny all

Would it be safe to drop the above 4 lines if I have already done such things at the first of the file?

--Bob
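
The rule ordering discussed in this thread, modelled as an added example (not part of the original mail and not Squid's own code): a small Python evaluator for first-match http_access processing, run over the lines quoted above. The definitions of Safe_ports, SSL_ports, manager and localhost and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("10.1.1.0/24")   # from the mail

# Simplified ACL matchers. The Safe_ports and SSL_ports port sets and the
# manager/localhost definitions are assumptions; the mail does not show them.
ACLS = {
    "all":        lambda r: True,
    "internal":   lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "myclients":  lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "manager":    lambda r: r["proto"] == "cache_object",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in {21, 80, 443},
    "SSL_ports":  lambda r: r["port"] == 443,
}

def decide(rules, req):
    """Return (action, line_no) of the first http_access line that matches.
    ACL names on one line are ANDed; a leading "!" negates the ACL."""
    action = None
    for line_no, line in enumerate(rules, 1):
        action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line_no
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), None

# http_access lines quoted in the mail, in file order, without the keyword.
TAIL = ["allow manager localhost", "deny manager", "deny !Safe_ports",
        "deny CONNECT !SSL_ports", "allow myclients", "deny all"]
ORIGINAL = ["deny !internal"] + TAIL                 # current file
ALLOW_FIRST = ["allow internal", "deny all"] + TAIL  # allow/deny pair at the top

# Constructed sample requests.
LAN_GET = {"src": "10.1.1.5", "method": "GET", "port": 80, "proto": "http"}
LAN_CONNECT_25 = {"src": "10.1.1.5", "method": "CONNECT", "port": 25, "proto": "http"}
OUTSIDE_GET = {"src": "192.0.2.9", "method": "GET", "port": 80, "proto": "http"}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("allow-first", ALLOW_FIRST)):
        for req in (LAN_GET, LAN_CONNECT_25, OUTSIDE_GET):
            print(name, req["src"], req["method"], req["port"], decide(rules, req))
```

With the allow/deny pair at the top, a LAN client's CONNECT to port 25 is allowed at line 1 and the Safe_ports and SSL_ports checks further down never run; with the current file the same request is denied at line 4.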