+# Access Control List for the Internet Junkbuster 2.0
+#
+# Copyright 1997-8 Junkbusters Corp. For distribution, modification and use
+# under the GNU General Public License. These files come with NO WARRANTY.
+# See http://www.junkbusters.com/ht/en/gpl.html or README file for details.
+#
+# Access controls are included at the request of some ISPs and systems
+# administrators, and are not usually needed by individual users.
+# Please note the warnings in the FAQ that this proxy is not
+# intended to be a substitute for a firewall or to encourage anyone
+# to defer addressing basic security weaknesses.
+# For details see http://www.junkbusters.com/ht/en/ijbman.html#aclfile
+
+# For this file to have any effect, the line beginning "aclfile"
+# must be commented in, with the name of this file following the word "aclfile"
+
+# If no access file is specified, the proxy talks to anyone that connects.
+# If an access file is specified, the proxy talks only to IP addresses
+# permitted somewhere in this file and not denied later in this file.
+#
+# Summary -- if using an ACL:
+#
+# Client must have permission to receive service
+# LAST match in ACL file wins
+# Default behavior is to deny service
+#
+# Syntax for an entry in an Access Control List is:
+#
+# ACTION SRC_ADDR[/SRC_MASKLEN] [ DST_ADDR[/DST_MASKLEN] ]
+#
+# where the fields are
+#
+# ACTION = "permit" | "deny"
+#
+# SRC_ADDR = client hostname or dotted IP address
+# SRC_MASKLEN = number of bits in the subnet mask for the source
+#
+# DST_ADDR = server or forwarder hostname or dotted IP address
+# DST_MASKLEN = number of bits in the subnet mask for the target
+#
+# field separator (FS) is whitespace (space or tab)
+#
+# IMPORTANT NOTE
+# ==============
+# If the junkbuster is using a forwarder or a gateway for a particular
+# destination URL, the DST_ADDRR that is examined is the address of
+# the forwarder or the gateway and NOT the address of the ultimate target.
+# This is necessary because it may be impossible for the local
+# junkbuster to determine the address of the ultimate target
+# (that's often what gateways are used for).
+#
+# Here are a few examples to show how the ACL works:
+
+# localhost is OK -- no DST_ADDR implies that ALL destination addresses are OK
+# permit localhost
+
+# a silly example to illustrate:
+#
+# permit any host on the class-C subnet with junkbusters to go anywhere
+#
+# permit www.junkbusters.com/24
+#
+# except deny one particular IP address from using it at all
+#
+# deny ident.junkbusters.com
+
+# another example
+#
+# You can specify an explicit network address and subnet mask.
+# Explicit addresses do not have to be resolved to be used.
+#
+# permit 207.153.200.0/24
+
+# a subnet mask of 0 matches anything, so the next line permits everyone.
+#
+# permit 0.0.0.0/0
+
+# Note: you cannot say
+#
+# permit .org
+#
+# to allow all .org domains; every IP-address listed must resolve fully.
+
+# An ISP may want to provide a junkbuster that is accessible by "the world"
+# and yet restrict use of some of their private content to hosts on its
+# internal network (i.e. its own subscribers). Say, for instance the
+# ISP owns the Class-B IP address block 123.124.0.0 (a 16 bit netmask).
+# This is how they could do it:
+
+# permit 0.0.0.0/0 0.0.0.0/0 # other clients can go anywhere
+# with the following exceptions:
+#
+# deny 0.0.0.0/0 123.124.0.0/16 # block all external requests for
+# sites on the ISP's network
+#
+# permit 0.0.0.0/0 www.my_isp.com # except for the ISP's main web site
+#
+# permit 123.124.0.0/16 0.0.0.0/0 # the ISP's clients can go anywhere
+
+# Note that some hostnames may be listed with multiple IP addresses;
+# the primary value returned by gethostbyname() is used.
+#
projects / privoxy.git / blobdiff