XrLin Packet Node IV3SCP-2:XSCP

XrLin v504s Packet Node {IV3SCP-2:XSCP} ( Thu, 5 Mar 2026 08:11:40 -0001 )
Admin	Chat	Info	Links	Nodes	PMS	Ports	Routes	Stats	Terminal	Users
HTTP.ACL(8)             XR32 REFERENCE MANUAL                28/1/2013

NAME
        HTTP.ACL -- HTTP Proxy Egress Control File (Optional).

DESCRIPTION
        The HTTP.ACL file contains "rules" to control which
        destinations are allowed to be accessed via the HTTP
        proxy/tunnel.

        The rules allow you to specify which destination IP
        addresses and TCP ports may be accessed by specified
        source IP ranges.

        If the file is not present, or contains no valid rules,
        all destinations are blocked, and the "403 Forbidden"
        error page is returned to anyone who tries to use the
        proxy or tunnel.

        Egress control is vital to prevent miscreants using your
        HTTP server as a proxy to hide their IP address.

FORMAT
        The format of the entries in HTTP.ACL is the same as
        other .ACL (Access Control List) files.

        Each "rule" is specified on a separate line. Blank lines,
        or lines beginning with ';' or '#' are ignored. The
        maximum line length is 255 characters.

        Within each rule, fields must be separated by one or
        more spaces or tabs. The fields are as follows:

        <action> <src_ip>[/mask] <dst_ip>[/mask] <port(s)>

        The fields have the following meaning:

        <action>   PERMIT  Allow egress
                   DENY    Prevent egress

        <src_ip>   Source IP address (uplinked user).

        <dst_ip>   Destination IP address (target system).

        [mask]     Optional field.
                   Either: No. of bits (0-32) of address to
                           match from left to right,
                   Or:     Subnet mask in form n.n.n.n

        <port(s)>  One or more TCP service numbers (0-65535) on
                   the target system.  Allowed formats are "n",
                   "n,n,n", "n-n" or combination thereof.


        In the <src_ip> and <dst_ip> fields, 0.0.0.0/0 specifies
        "all addresses".

NOTE
        Rule testing stops at the *first* matching "permit" or
        "deny" statement, so it is vital that the list is ordered
        correctly.  For instance, to allow Internet users to
        access all LAN ports except 513 it would be ok to use:

  deny 0.0.0.0/0  192.168.0.0/24  513
  permit 0.0.0.0/0  192.168.0.0/24  1-65535

        but if the entries were reversed, the "permit" rule would
        match every case and the "deny" rule wouldn't be actioned.

EXAMPLES
        ; Allow LAN users to tunnel to anyone:
        PERMIT 192.168.0.0/24  0.0.0.0/0  0-65535
        ;
        ; Allow Internet users to tunnel only to certain
        ; ports on the node machine:
        PERMIT 0.0.0.0/0  192.168.0.245  23,87,1448,3600
        ;
        ; Allow Internet users to tunnel only to ports 23
        ; and 80 on the BBS machine:
        PERMIT 0.0.0.0/0  192.168.0.4  80,23
        ;
        ; Allow Amprnet users to access any Amprnet destination
        PERMIT 44.0.0.0/8  44.0.0.0/8  0-65535

FILES
       If required, HTTP.ACL must be located in the same
       directory as XR32.EXE.

SEE ALSO
        HTTP.SYS(8) -- HTTP Rewrite / Proxy Control File
        SOCKS.ACL(8) -- SOCKS Proxy Egress Control File
        TELPROXY.ACL(8) -- Telnet Proxy Egress Control File

HTTP.ACL(8)               END OF DOCUMENT