[f-nsp] IP Filter
Lee Han Kiong
hklee at pedoman.com.my
Fri Mar 12 05:06:46 EST 2010
Hi all,
I just defined two rules for IP filtering, as below
server cache-name jaguar1 192.168.1.51
port http
port http url "HEAD /"
!
server cache-group 1
cache-name jaguar1
spoof-support
aaa authentication web-server default local
boot sys fl sec
no enable aaa console
ip address 192.168.1.200 255.255.255.0
ip default-gateway 192.168.1.254
ip policy 1 cache tcp http global
ip filter 1 deny 192.168.1.111 255.255.255.255 any tcp eq http
ip filter 2 permit any any
!
Both rules are not yet deployed (using filter-match) at any cache server,
but I fail to see any HTTP packet redirect to the caching servers when I am
browsing using 192.168.1.111 host.
Only upon removing the “ip filter 1” then only I can see the redirection is
working. By right, all the cache servers should still be allowed to cache
any cacheable content.
Any comment?
Br,
Lee
Internal Virus Database is out-of-date.
Checked by AVG.
Version: 7.5.560 / Virus Database: 268.14.0/524 - Release Date: 11/8/2006
1:40 PM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20100312/a29eb1fa/attachment.html>
More information about the foundry-nsp
mailing list