[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: IP based ACL
Just another datapoint on this issue:
I've found using peername.regex was the only way I could get this to
work. None of the "exact" samples I could find anywhere would match.
We're using 2.2.4 here.
Q: is there a performance hit for using .regex rather than an exact
match?
Q2: does anyone know what the exact match should be?
Craig
On Thu, 26 Feb 2004, Frank Swasey wrote:
> Today at 8:51am, charlie derr wrote:
>
> > access to *
> > by peername="ip=1.2.3.4:*" read
> > by anonymous none
> > by * read
>
> You will be better served to actually force it to use regex instead of
> using the default (in 2.1) behavior. If you use the default behavior
> today and upgrade to 2.2 tomorrow, you will be dismayed that it has
> suddenly stopped working because the default in 2.2 is exact.
>
> So, I would recommend that you use:
> access to *
> by peername.regex="^ip=1.2.3.4:" read
> by anonymous none
> by * read
>
>
--
........................................................................
$Id: mathdeptsysadmin,v 2.0 Mon Mar 8 11:50:50 2004 Craig Squires Exp $
Your excuse is: static from plastic slide rules
[Excuse courtesy of The BOFH-style Excuse Server: nc riemann excuses]