[squid-users] acl declaration
Alex Rousskov
rousskov at measurement-factory.com
Thu Oct 4 21:15:22 UTC 2018
On 10/04/2018 12:40 PM, Alex Gutiérrez MartÃnez wrote:
> http_access deny trabajo sociales !pcinternet !adminred oficina
This rule denies any request that matches each and every acl expression
listed in the rule. You have 5 such expressions: trabajo, sociales, not
pcinternet, not adminred, and oficina.
> Do i write the rule like above or like this
The correct configuration depends on what you want Squid to do. You have
not provided that information explicitly AFAICT, and I am not going to
guess.
> http_access deny trabajo sociales !pcinternet
> http_access deny trabajo sociales !adminred
> http_access deny trabajo sociales oficina
The above three rules deny any request that matches at least one of the
following three ACL expressions:
1. trabajo and sociales but not pcinternet
2. trabajo and sociales but not adminred
3. trabajo and sociales and oficina
Here is all you need to know to answer your specific question and many
similar ones:
* First, same-rule ACLs are ANDed together (logical conjunction).
This tells you what an individual http_access rule matches.
* Next, all http_access rules are ORed together (logical disjunction).
This tells you what http_access configuration, as a whole, matches.
rule[i] = acl1 AND acl2 AND acl3 AND ...
http_access = rule1 OR rule2 OR ...
HTH,
Alex.
More information about the squid-users
mailing list