Squid configuration directive acl
- Changes in 3.3 acl
myport and myipACL types replaced with localport and localip respectively. To reflect that it matches the TCP connection details and not the squid.conf port. This matters when dealing with intercepted traffic, where the Squid receiving port differs from the TCP connection IP:port. Always use myportname type to match the squid.conf port details.
New default built-in ACLs for testing SSL certificate properties.
ssl::certHasExpired, ssl::certNotYetValid, ssl::certDomainMismatch, ssl::certUntrusted, ssl::certSelfSigned.
- Changes in 3.2 acl : random, urllogin
New type random. Pseudo-randomly match requests based on a configured probability.
Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).
The manager ACL requires adjustment to cover new cache manager access. So it has now been built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
^(cache_object://|https?://[^/]+/squid-internal-mgr/)squid.conf containing the old manager definition can expect to see ACL type collisions.
- Changes in 2.7 acl myportname
new acl matching the incoming port name
For older versions see the linked page above
|Default Value:||ACLs all, manager, localhost, and to_localhost are predefined.|
# # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN) acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN) acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN) acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN) acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN) acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
- FAQ and Wiki
- Guide Books:
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork