Yes, this is what i am exactly tring to do, but when i block msn_acl and msn_acl2 for all and allowed the two, it did not worked, instead it is blocked for all, I am not sure why it is happening. In short i am unable to allow my two subnets to brows through webmail and deny other users for webmails and msn sites. --- Lucia Di Occhi <[EMAIL PROTECTED]> wrote:
> Alright, what's not working with the ACL? > > As you know the ACL is read TOP down and it will > stop reading at the first > match, so: > > http_access deny msn_acl !onesubent !twosubnet > (Will block msn_acl for > all but 2 subnets) > http_access deny msn_acl2 !onesubnet !twosubnet > (Will block msn_acl2 from > all but 2 subnets) > > ##blocking orkut for all### > http_access deny msn_acl3 (Will block msn_acl3 for > ALL subnets) > http_access deny msn_acl4 (Will block msn_acl4 for > ALL subnets) > > ###Allowing rest### > http_access allow mynet (Will allow everything else) > > so basically you are blocking msn_acl and msn_acl2 > for everyone but two > subnets and you are blocking msn_acl3 and msn_acl4 > for everyone. Lastly you > allow everything else. Is that you intended > behaviour? What behaviour are > you getting when you say it does not work? > > > > >From: Mohsin Khan <[EMAIL PROTECTED]> > >To: Lucia Di Occhi <[EMAIL PROTECTED]> > >Subject: RE: [squid-users] another Acl question > >Date: Thu, 23 Dec 2004 06:33:50 -0800 (PST) > > > >i am using this statment > > > >http_access deny msn2 !onesubnet !twosubnet > > > >msn_acl is just to give an idea...its is basically > >msn1 msn2 msn3 msn4 > > > >--- Lucia Di Occhi <[EMAIL PROTECTED]> wrote: > > > > > I am nut sure how you do it. if the ACL name is > > > 'msn1' you cannot do > > > 'http_access deny msn_acl !onesubent !twosubnet' > > > since msn_acl is not > > > defined, sane is true with 'http_access deny > > > msn_acl3' cause I do not see a > > > msn_acl3 defined anywhere in the config file. > > > > > > Did you copy/paste the actual squid.conf > section? > > > > > > >From: Mohsin Khan <[EMAIL PROTECTED]> > > > >To: Lucia Di Occhi <[EMAIL PROTECTED]> > > > >Subject: RE: [squid-users] another Acl question > > > >Date: Thu, 23 Dec 2004 03:33:53 -0800 (PST) > > > > > > > >here is it, > > > > > > > >acl msn1 dstdomain .msn.com > > > >acl msn1 dstdomain .hotmail.com > > > >acl msn1 dstdomain .passport.com > > > >acl msn1 dstdomain .yahoo.com > > > >acl msn1 dstdomain .e-messenger.net > > > >acl msn1 dstdomain .gmail.com > > > >acl msn1 dstdomain gmail.google.com > > > >acl msn1 dstdomain .msnger.com > > > > > > > >acl msn3 dstdomain .orkut.com > > > >acl msn3 dstdomain .hi5.com > > > > > > > >acl msn2 dstdom_regex [-i] .hotmail.com > > > >acl msn2 dstdom_regex [-i] .msn.com > > > >acl msn2 dstdom_regex [-i] .passport.com > > > >acl msn2 dstdom_regex [-i] .yahoo.com > > > >acl msn2 dstdom_regex [-i] .e-messenger.net > > > >acl msn2 dstdom_regex [-i] .gmail.com > > > >acl msn2 dstdom_regex [-i] gmail.google.com > > > >acl msn2 dstdom_regex [-i] .msnger.com > > > > > > > >acl msn4 dstdom_regex [-i] .orkut.com > > > >acl msn4 dstdom_regex [-i] .hi5.com > > > > > > > >where msn=msn_acl (as per my mail) > > > > > > > > > > > >--- Lucia Di Occhi <[EMAIL PROTECTED]> > wrote: > > > > > > > > > can you send the full definition of each ACL > > > such as > > > > > msn_acl3 > > > > > msn_acl4 > > > > > It would be best to have the whole ACL > > > subsession of > > > > > the squid.conf for > > > > > troubleshooting. > > > > > > > > > > >From: Mohsin Khan <[EMAIL PROTECTED]> > > > > > >To: [email protected] > > > > > >Subject: [squid-users] another Acl question > > > > > >Date: Wed, 22 Dec 2004 20:09:37 -0800 (PST) > > > > > > > > > > > >hi, > > > > > > > > > > > > i have squid Version > > > 2.5.STABLE1 > > > > > >running on one of my red hat advnace > server. I > > > have > > > > > >acls to block webmails (yahoo, hotmil etc) > and > > > msn, > > > > > >and sites. Two of my subnets were allowd > every > > > > > thing. > > > > > >It was working fine, but when I tried to > block > > > > > Orkut i > > > > > >am facing some strange situation. I have a > > > > > 172.16.0.0 > > > > > >with in this I have two subnets that are > > > allowed > > > > > every > > > > > >thing. > > > > > > > > > > > > What i did is > > > > > > > > > > > >###Allowing webmails for these subnets### > > > > > >http_access deny msn_acl !onesubent > !twosubnet > > > > > >http_access deny msn_acl2 !onesubnet > !twosubnet > > > > > >##blocking orkut for all### > > > > > >http_access deny msn_acl3 > > > > > >http_access deny msn_acl4 > > > > > >###Allowing rest### > > > > > >http_access allow mynet > > > > > > > > > > > > > > > > > > > > > > > >but these set of acls not working I know i > am > > > wrong > > > > > >some where or missing some thing, but can > any > > > one > > > > > let > > > > > >me know where > > > > > > > > > > > >Thanks in advance for any help > > > > > > > > > > > >===== > > > > > >Regards, > > > > > >Mohsin Khan > > > > > >CCNA ( Cisco Certified Network Associate > 2.0 ) > > > > > >http://forum.aaghaz.net > > > > > > > > > > > > >>>Happy is the one who can smile<<< > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >__________________________________ > > > > > >Do you Yahoo!? > > > > > >The all-new My Yahoo! - Get yours free! > > > > > >http://my.yahoo.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > >_________________________________________________________________ > > > > > Don�t just search. Find. Check out the new > MSN > > > > > Search! > > > > > > > > > > > >http://search.msn.click-url.com/go/onm00200636ave/direct/01/ > > > > > > > > > > > > > > > > > > > > > >===== > > > >Regards, > > > >Mohsin Khan > > > >CCNA ( Cisco Certified Network Associate 2.0 ) > > > >http://forum.aaghaz.net > === message truncated === ===== Regards, Mohsin Khan CCNA ( Cisco Certified Network Associate 2.0 ) http://forum.aaghaz.net >>>Happy is the one who can smile<<< __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250
