On Wed, 25 Feb 2004, OTR Comm wrote:

> Hello,
>
> > deny_info uses the last acl on the http_access line denying access, so by
> > defining "dummy" acls which always matches you can have detailed control
> > per http_access line which deny_info message is used.

>
> Can you give me an example of a "dummy" acl that always matches?


acl somename src 0.0.0.0/0

> http_access allow password
>
> http_access deny ADVERTISE
>
> http_access allow our_networks


In the above only the first http_access directive will ever be used.
Un-authenticated users will be prompted for authentication, and all
authenticated users are allowed access, so the following http_access
directives will never be reached.


I think you want somehting like this:

http_access deny ADVERTISE
http_access allow our_networks password
http_access deny all

or maybe

http_access deny !our_networks
http_access deny ADVERTISE
http_access allow password
http_access deny all


As for when/how to use deny_info this depends on what you want to
accomplish.

Regards
Henrik