It is better to reverse the order
first use deny and then use allow.
Azher
On Thu, 14 Jan 1999, Duane Wessels wrote:
> Richard van Drimmelen writes:
>
> >Dear squid users,
> >
> >
> >In our institute I see that one specific PC in a student room is used a
> >lot for browsing 'nudies'. I'd like to restrict this browsing by
> >combining three acl's, based on:
> >
> > - the IP address/subnetmask of the PC
> > - the various sites visited,
> > - browsing time (disallowed between MON-FRI 09:00-17:00)
> >
> >What I've tried:
> >
> > acl STUDENT_PC src x.x.x.x/255.255.255.255
> > acl DIRTY_LITTLE_BASTARD dstdom_regex site1 site2 site3 site4
> > acl COME_BACK_LATER MTWHF 09:00-17:00
> >
> > http_access allow STUDENT_PC
> > http_access deny DIRTY_LITTLE_BASTARD
> > http_access deny COME_BACK_LATER
>
> The first one is matched, so the request is allowed. The other two lines
> are never consulted.
>
> >
> >I still get connected. Also tried:
> >
> > http_access allow COME_BACK_LATER
>
> Try putting them on the same line:
>
> http_access deny STUDENT_PC DIRTY_LITTLE_BASTARD COME_BACK_LATER
>
> put it at the top (or near) of your http_access lines.
>
>
> Duane W.
>
