Yep it's working. All thanks for the help.
Jonathan Larmour wrote:
>
> Richard van Drimmelen wrote:
> > Duane Wessels wrote:
> > > Richard van Drimmelen writes:
> > >
> > > >In our institute I see that one specific PC in a student room is used a
> > > >lot for browsing 'nudies'. I'd like to restrict this browsing by
> > > >combining three acl's, based on:
> > > >
> > > > - the IP address/subnetmask of the PC
> > > > - the various sites visited,
> > > > - browsing time (disallowed between MON-FRI 09:00-17:00)
> > > >
> > > >What I've tried:
> > > >
> > > > acl STUDENT_PC src x.x.x.x/255.255.255.255
> > > > acl DIRTY_LITTLE_BASTARD dstdom_regex site1 site2 site3 site4
> > > > acl COME_BACK_LATER MTWHF 09:00-17:00
> > > >
> > > > http_access allow STUDENT_PC
> > > > http_access deny DIRTY_LITTLE_BASTARD
> > > > http_access deny COME_BACK_LATER
> > >
> > >
> > > Try putting them on the same line:
> > >
> > > http_access deny STUDENT_PC DIRTY_LITTLE_BASTARD COME_BACK_LATER
> >
> > The first "http_access deny STUDENT_PC" is matched -> PC is completely
> > banned from browsing ALL the time ?????
>
> No. Putting multiple things on the same http_access line means it will use
> "AND" logic. i.e. if the STUDENT_PC acl is matched _and_ the
> DIRTY_LITTLE_BASTARD acl is matched _and_ the COME_BACK_LATER acl is
> matched, then deny. Processing continues afterwards as usual if any of those
> acl's are not matched.
>
--
Richard van Drimmelen | email: [EMAIL PROTECTED]
System Management Research | phone: +31 20 5121899
The Netherlands Cancer Institute, Amsterdam | fax: +31 20 5121893
