On Wed, 18 Aug 2004 Jim_Brouse/PYT@PASCUAYAQUITRIBE.ORG wrote:
>> http_access allow manager localhost
>> http_access deny manager
Ok
>> http_access allow KIOSK.dstdomain
>> http_access allow KIOSK
Is this really what you want?
Allow everyone access to KOISK.dstdomain
Allow KIOSK access to everything.
>> http_access deny KIOSK
This is redundant due to the above.
>> http_access allow MYAIRMAIL
>> http_access allow PAGING
>> http_access deny PAGING
This is redundand. You can not deny what you have already allowed.
>> http_access deny BLOCK.NOT.YAHOO
>> http_access allow YAHOOMESSENGER
>> http_access deny YAHOOMESSENGER
This i redundant.
>> http_access deny BLOCK.NOT.AOL
>> http_access allow AOL
>> http_access deny AOL
This is redundant.
>> http_access deny lab.src lab.dstdomain
>> http_access allow lab.src
>> http_access deny lab.src
This is redundant.
>> http_access allow LOG-ONLY-HOSTS
>> http_access deny NO.NONBLOCK NONBLOCK
>> http_access allow NONBLOCK
>> http_access allow NONPORN
>> http_access deny BLOCK
>> http_access deny MIMEBLOCK
>> http_access deny RESTRICTED-BROWSER
>> http_access deny RESTRICTED-DOM
>> http_access allow manager ADMIN-HOSTS
>> http_access deny manager
This is redundant due to the first two rules already taking care of all
manager access.
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost
These should be much higher, before your own first accept rule.
Somewhere before this last deny of everything else it looks like there is
some allow statements missing, allowing access after you have filtered out
all the things you do not want to see..
>> http_access deny all
Regards
Henrik
Received on Thu Aug 19 2004 - 01:36:40 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:02 MDT