| Tag Name | http_access |
| Usage | http_access allow|deny [!]aclname … |
Description
Allowing or denying http access based on defined access lists
If none of the “access” lines cause a match, the default is the opposite of the last line in the list. If the last line was deny, then the default is allow. Conversely, if the last line is allow, the default will be deny. For these reasons, it is a good idea to have a “deny all” or “allow all” entry at the end of your access lists to avoid potential confusion
| Default | http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all If there are no “access” lines present, the default is to allow the request |
Example
1. To allow http_access for only one machine with MAC Address 00:08:c7:9f:34:41
2. To restrict access to work hours (9am – 5pm, Monday to Friday) from IP 192.168.2/24
3. Can i use multitime access control list for different users for different timing
4. Rules are read from top to bottom
Caution
The deny all line is very important. After all the http_access rules, if access isn’t denied, it’s ALLOWED !! So, specifying a LOT of http_access allow rules, and forget the deny all after them, is the same of NOTHING. If access isn’t allowed by one of your rules, the default action ( ALLOW ) will be triggered. So, don’t forget the deny all rule AFTER all the rules.
And, finally, don’t forget rules are read from top to bottom. The first rule matched will be used. Other rules won’t be applied. Click here to See examples.
