[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: IP based ACL

Today at 8:51am, charlie derr wrote:

> access to *
>        by peername="ip=*" read
>        by anonymous none
>        by * read

You will be better served to actually force it to use regex instead of
using the default (in 2.1) behavior.  If you use the default behavior
today and upgrade to 2.2 tomorrow, you will be dismayed that it has
suddenly stopped working because the default in 2.2 is exact.

So, I would recommend that you use:
access to *
        by peername.regex="^ip=" read
        by anonymous none
        by * read

Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===