On Mon, 15 Mar 2004 [EMAIL PROTECTED] wrote: > Hello Christoph, > > Thanks for your reply. > > However, it still doesn't work..... > > I tried to add the subnet mask by the end of the acl line as below, but then > access is given to all IPs in the network: > > acl subgroup src 120.202.200.20/255.255.255.0
There should be NO netmask when specifying individual IP addresses. Only when specifying whole networks should a netmask be used. 120.202.200.20/255.255.255.0 == 120.202.200.0/255.255.255.0 == 120.202.200.0/24 (except that Squid will warn you about the first probably not being what you intended...) > >> http_access allow rionet allowed_ext > >> http_access deny rionet denied_ext morning > >> http_access deny rionet denied_ext afternoon > >> http_access allow rionet > >> http_access allow localhost > >> http_access deny all The key is the order of your http_access rules. The above says 1. rionet is allowed to access allowed_ext 2. else denied if it is morning or afternoon and request matches denied_ext 3. else allowed If you want other rules of another subgroup of "rionet" you need to have these http_access rules before this. Regards Henrik
