Squid configuration directive acl
- Changes in 3.4 acl
New test type server_cert_fingerprint to match against server SSL certificate fingerprint.
New test type note to match against transaction annotations by name and value, or just by name.
New test type any-of to match if any one of a set of named ACLs matches.
New test type all-of to match against all of a set of named ACLs.
- Changes in 3.3 acl
myport and myip ACL types replaced with localport and localip respectively, to reflect that they match the TCP connection details and not the squid.conf port. This matters when dealing with intercepted traffic, where the Squid receiving port differs from the TCP connection IP:port. Always use the myportname type to match the squid.conf port details.
New default built-in ACLs for testing SSL certificate properties.
ssl::certHasExpired, ssl::certNotYetValid, ssl::certDomainMismatch, ssl::certUntrusted, ssl::certSelfSigned.
- Changes in 3.2 acl : random, urllogin
New type random. Pseudo-randomly match requests based on a configured probability.
Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).
The manager ACL requires adjustment to cover new cache manager access, so it is now built in as a predefined ACL name matching URLs equivalent to the following regular expression:
^(cache_object://|https?://[^/]+/squid-internal-mgr/)
A squid.conf containing the old manager definition can expect to see ACL type collisions.
For older versions see the linked page above
Default Value: ACLs all, manager, localhost, and to_localhost are predefined.
#
# Recommended minimum configuration:
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
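The 3.3 and 3.2 change notes above can be turned into a pre-upgrade check on an existing squid.conf. The following is an added example, not part of the Squid documentation or source: the function names and the sample configuration are hypothetical, and the sample lines are constructed in pre-3.2 style.

```python
import re

# Renames stated in the 3.3 change note.
RENAMED_TYPES = {"myport": "localport", "myip": "localip"}
# ACL names this page lists as predefined.
PREDEFINED = {"all", "manager", "localhost", "to_localhost"}
# Built-in manager pattern quoted in the 3.2 change note.
MANAGER_RE = re.compile(r"^(cache_object://|https?://[^/]+/squid-internal-mgr/)")


def lint_acl_lines(conf_text):
    """Return (line_number, message) findings for acl lines in squid.conf text."""
    findings = []
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop any trailing comment
        if len(fields) < 3 or fields[0] != "acl":
            continue
        name, acl_type = fields[1], fields[2]
        if acl_type in RENAMED_TYPES:
            findings.append((num, f"{name}: type {acl_type} was replaced by "
                                  f"{RENAMED_TYPES[acl_type]}; use myportname "
                                  "to match the squid.conf port"))
        if name in PREDEFINED:
            findings.append((num, f"{name}: uses a predefined ACL name; a "
                                  "different type here collides with the built-in"))
    return findings


def is_manager_url(url):
    """True when a URL falls under the built-in manager ACL pattern."""
    return MANAGER_RE.match(url) is not None


# Constructed squid.conf fragment (not taken from a real deployment).
SAMPLE_CONF = """\
acl manager proto cache_object
acl localnet src 10.0.0.0/8   # RFC1918 possible internal network
acl intercept_port myport 3129
acl proxy_addr myip 192.0.2.10
acl CONNECT method CONNECT
"""

if __name__ == "__main__":
    for num, msg in lint_acl_lines(SAMPLE_CONF):
        print(f"line {num}: {msg}")
    print(is_manager_url("http://proxy.example/squid-internal-mgr/info"))
```

Findings on lines using myport or myip deserve a manual look on intercepting proxies, because replacing them with localport or localip keeps the TCP-level match while myportname matches the configured listening port instead.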