On Wed, 18 Aug 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
http_access allow manager localhost http_access deny manager
Ok
http_access allow KIOSK.dstdomain http_access allow KIOSK
Is this really what you want?
Allow everyone access to KOISK.dstdomain
Allow KIOSK access to everything.
http_access deny KIOSK
This is redundant due to the above.
http_access allow MYAIRMAIL
http_access allow PAGING
http_access deny PAGING
This is redundand. You can not deny what you have already allowed.
http_access deny BLOCK.NOT.YAHOO http_access allow YAHOOMESSENGER http_access deny YAHOOMESSENGER
This i redundant.
http_access deny BLOCK.NOT.AOL http_access allow AOL http_access deny AOL
This is redundant.
http_access deny lab.src lab.dstdomain http_access allow lab.src http_access deny lab.src
This is redundant.
http_access allow LOG-ONLY-HOSTS http_access deny NO.NONBLOCK NONBLOCK http_access allow NONBLOCK http_access allow NONPORN http_access deny BLOCK http_access deny MIMEBLOCK http_access deny RESTRICTED-BROWSER http_access deny RESTRICTED-DOM
http_access allow manager ADMIN-HOSTS http_access deny manager
This is redundant due to the first two rules already taking care of all manager access.
http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost
These should be much higher, before your own first accept rule.
Somewhere before this last deny of everything else it looks like there is some allow statements missing, allowing access after you have filtered out all the things you do not want to see..
http_access deny all
Regards Henrik
