[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP based ACL



Just another datapoint on this issue:

I've found using peername.regex was the only way I could get this to
work. None of the "exact" samples I could find anywhere would match.
We're using 2.2.4 here.

Q: is there a performance hit for using .regex rather than an exact
match?

Q2: does anyone know what the exact match should be?

Craig

On Thu, 26 Feb 2004, Frank Swasey wrote:

> Today at 8:51am, charlie derr wrote:
> 
> > access to *
> >        by peername="ip=1.2.3.4:*" read
> >        by anonymous none
> >        by * read
> 
> You will be better served to actually force it to use regex instead of
> using the default (in 2.1) behavior.  If you use the default behavior
> today and upgrade to 2.2 tomorrow, you will be dismayed that it has
> suddenly stopped working because the default in 2.2 is exact.
> 
> So, I would recommend that you use:
> access to *
>         by peername.regex="^ip=1.2.3.4:" read
>         by anonymous none
>         by * read
> 
> 

-- 
........................................................................
$Id: mathdeptsysadmin,v 2.0 Mon Mar  8 11:50:50 2004 Craig Squires Exp $
Your excuse is: static from plastic slide rules
[Excuse courtesy of The BOFH-style Excuse Server: nc riemann excuses]