On Wed, 25 Feb 2004, OTR Comm wrote: > Hello, > > > deny_info uses the last acl on the http_access line denying access, so by > > defining "dummy" acls which always matches you can have detailed control > > per http_access line which deny_info message is used. > > Can you give me an example of a "dummy" acl that always matches?
acl somename src 0.0.0.0/0 > http_access allow password > > http_access deny ADVERTISE > > http_access allow our_networks In the above only the first http_access directive will ever be used. Un-authenticated users will be prompted for authentication, and all authenticated users are allowed access, so the following http_access directives will never be reached. I think you want somehting like this: http_access deny ADVERTISE http_access allow our_networks password http_access deny all or maybe http_access deny !our_networks http_access deny ADVERTISE http_access allow password http_access deny all As for when/how to use deny_info this depends on what you want to accomplish. Regards Henrik
