<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1493932418810_27324" dir="ltr">What is the difference between :</div><div id="yui_3_16_0_ym19_1_1493932418810_27324" dir="ltr"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1493932418810_27373">http_access allow From_Source_Domains</span><br clear="none" style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1493932418810_27374"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1493932418810_27375">http_access allow To_Destination_Domains</span><span style="font-family: "Helvetica Neue", "Segoe UI", Helvetica, Arial, "Lucida Grande", sans-serif; font-size: 13px;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;">And</span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;" id="yui_3_16_0_ym19_1_1493932418810_27392">http_access allow From_Source_Domains To_Destination_Domains</span><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;"><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27322"><span style="font-family: HelveticaNeue, "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;">?</span></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1493932418810_27346"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1493932418810_27346"><br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1493932418810_27225" style="display: block;"> <div style="font-family: Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1493932418810_27224"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1493932418810_27223"> <div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27222"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1493932418810_27347"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Amos Jeffries <squid3@treenet.co.nz><br> <b><span style="font-weight: bold;">To:</span></b> squid-users@lists.squid-cache.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, May 3, 2017 8:19 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [squid-users] limit access with acl only based on source and destination domain<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1493932418810_27348"><br><div dir="ltr" id="yui_3_16_0_ym19_1_1493932418810_27349">On 03/05/17 12:40, Blaxton wrote:<br clear="none">> Hi<br clear="none">><br clear="none">> I am trying to limit the out bound connection based on list of domain <br clear="none">> names defined<br clear="none">> in srcdomain and dstdomain.<br clear="none">><br clear="none">> Here is acl :<br clear="none">><br clear="none">> acl From_Source_Domains srcdomain domain1 domain2 domain3<br clear="none">> acl To_Destination_Domains dstdomain domain4 domain5 domain6<br clear="none">><br clear="none">> Now some web site says below considered OR and it is working for me:<br clear="none">> http_access allow From_Source_Domains<br clear="none">> http_access allow To_Destination_Domains<br clear="none">><br clear="none">> And some web sites saying below considered AND but it is not working <br clear="none">> for me:<br clear="none">> http_access allow From_Source_Domains To_Destination_Domains<br clear="none">><br clear="none">> I am assuming since I have not allowed any port, then port should be <br clear="none">> disabled<br clear="none">> but it is not, on OR of the src and dst domains.<br clear="none"><br clear="none">No, ports are not part of that lines rule. There is no enable/disable - <br clear="none">they are simply irrelevant when processing that line.<br clear="none"><br clear="none">Traffic which gets filtered by that line coming from any client whose IP <br clear="none">address rDNS matches one of the "From_Source_Domains" AND URL contains <br clear="none">one of the "To_Destination_Domains" gets allowed into Squid.<div class="yqt9829216292" id="yqtfd60831"><br clear="none"><br clear="none">><br clear="none">> If add<br clear="none">> acl http_port 80<br clear="none">> http_access allow http_port<br clear="none">><br clear="none">> Then it allow traffic from any source to any destination if port is 80.<br clear="none">><br clear="none">> Kind of confusing and need a bit of help.</div><br clear="none"><br clear="none">The "how" is simple:<br clear="none"><br clear="none"> http_access lines are processed from top to bottom, left to right. <br clear="none">First fully matching line wins and its action (allow or deny) happens.<br clear="none"><br clear="none"><wiki.squid-cache.org/SquidFaq/OrderIsImportant><br clear="none"><<a shape="rect" href="http://wiki.squid-cache.org/SquidFaq/SquidAcl#The_Basics:_How_the_parts_fit_together" target="_blank">http://wiki.squid-cache.org/SquidFaq/SquidAcl#The_Basics:_How_the_parts_fit_together</a>><br clear="none"><<a shape="rect" href="http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes" target="_blank">http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes</a>><br clear="none"><br clear="none">Amos<br clear="none">_______________________________________________<br clear="none">squid-users mailing list<br clear="none"><a shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none"><a shape="rect" href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><div class="yqt9829216292" id="yqtfd56932"><br clear="none"></div></div><br><br></div> </div> </div> </div></div></body></html>