Synopsis
Allows or denies HTTP requests based on which ACLs they match. If none of the “access” lines cause a match, the default is the opposite of the last line in the list. If the last line was deny, then the default is allow. Conversely, if the last line is allow, the default will be deny. For these reasons, it is a good idea to have a “deny all” or “allow all” entry at the end of your access lists to avoid potential confusion.
Arguments
allow/deny | Allow or deny on matching the acl
aclname | Access list to be allowed/denied on match
Example(s)
To allow http_access for only one machine with MAC Address 00:08:c7:9f:34:41
To restrict access to work hours (9am – 5pm, Monday to Friday) from IP 192.168.2/24
Can I use multiple time access control lists for different users with different timings?
Rules are read from top to bottom.
Note
The deny all line is very important. After all the http_access rules, if access isn’t denied, it’s ALLOWED! So specifying a lot of http_access allow rules and forgetting the deny all after them is the same as specifying NOTHING. If access isn’t allowed by one of your rules, the default action (ALLOW) will be triggered. So don’t forget the deny all rule AFTER all the rules.
And finally, don’t forget that rules are read from top to bottom. The first rule matched will be used; the other rules won’t be applied.
Recommended minimum http_access configuration
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
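The evaluation order described above (top to bottom, first match wins, default opposite to the last line) can be checked against a rule list before deploying it. The following is an added example, not Squid's own code: a simplified Python model that takes the set of ACL names a request matches and returns the decision. The function names, the ACL names `office` and `banned`, and the treatment of `all` as matching every request are assumptions of this sketch.

```python
# Added example: a simplified model of http_access evaluation, not Squid's code.

def parse_rules(conf):
    """Return [(action, [acl_terms])] for each http_access line in conf."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "http_access":
            if fields[1] not in ("allow", "deny"):
                raise ValueError("bad action: " + line)
            rules.append((fields[1], fields[2:]))
    return rules

def decide(rules, matching_acls):
    """First rule whose ACL terms all match wins; otherwise the default
    is the opposite of the last rule's action."""
    if not rules:
        raise ValueError("no http_access rules to evaluate")
    # Assumption: the 'all' ACL matches every request.
    matching = set(matching_acls) | {"all"}
    for action, terms in rules:
        # Terms on one line are ANDed; a leading '!' negates the term.
        if all((t[1:] not in matching) if t.startswith("!") else (t in matching)
               for t in terms):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

# The recommended minimum configuration from this page.
RECOMMENDED = """
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""

# Constructed rule lists without a final catch-all (hypothetical ACL names).
ENDS_WITH_ALLOW = "http_access allow office\n"
ENDS_WITH_DENY = "http_access deny banned\n"

if __name__ == "__main__":
    for name, conf in [("recommended", RECOMMENDED),
                       ("ends with allow", ENDS_WITH_ALLOW),
                       ("ends with deny", ENDS_WITH_DENY)]:
        print(name, "->", decide(parse_rules(conf), {"Safe_ports"}))
```

A list that ends with a deny rule and has no catch-all lets an unmatched request through, which is the case an explicit final `deny all` removes.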