(no subject)

From: Brian Denehy <B-Denehy@dont-contact.us>
Date: Wed, 26 Jun 1996 08:50:12 +1000

| Hello,
| We are new in running Squidb17 and we have some few questions we want
| to submit to you. (Sorry for the quite long mail...)
| 1. ACL
| ------
| Inside the doc directory provided with the soft, there is a file
| containing some information. We don't understand the example about
| ACLs :
| >For example, your cache might be configured to accept requests
| >from both inside and outside of your organization. In that case you'd
| >probably want to allow internal clients to access anything, but limit
| >outside access to only sites within your organization. It could be
| >done like this:

An access control list (acl) is just a list that various parameters will be
checked against (in more than one way, depending on context). They are named
to aid in the construction of rules in a human understandable fashion.

There is more than one method of limiting access, so the method must also be
named - an acl is therefore

acl - directive to configure
name - what we want to call it
method - how we want to compare
contents - varies with method

| >
| > acl ourclients src

This is an acl called ourclients which checks the source address of the
request against a couple of network/networkmask pairs - two syntaxes are
accepted, either an explicit mask (as in the first form) or a CIDR style
number of bits at the end (the second). The source address of a request is
ANDed with the netmask and then compared against the network number.

| > acl ourservers domain .whatsamattu.edu

This acl is called ourservers, and checks the end of the host part of an HTTP
request against the list - thus a request to www.whatsamattu.edu will match
the acl but a request to www.whatsamattu.edu.au (the Australian branch campus)
will not.

| >
| > http_access deny !ourclients !ourservers

Now comes the actual test for access to the cache/proxy. This rule bars access
to the proxy to anyone who is NOT (!) in the ourservers and ourclients access
lists - in other words, requests will not be accepted from clients other than
ourselves which are not for objects in our domain.

| > http_access allow ourclients

Now we let our networks go out to everywhere.

| => what do you want to do and how do you do it ?
| ----------------
| What is exactly the duty of the ftpget server which is always running ?
| What information is provided by the tag 'ftp_user' and in which case
| this information is useful ?

ftp_user is the name supplied to an anonymous ftp server as a password. Some
ftp servers will not give access without a password, others will not give
access unless it makes network sense - in other words some will accept a null
password, some will accept the default "squid@", some will want
"squid@any.domain", and yet others will want "squid@your.domain" and check to
see if the request comes from your.domain. Some kind people even put proxy
servers in a higher priority or special class as a way of reducing load on
themselves (or have at least talked about doing so).

Received on Tue Jun 25 1996 - 15:51:14 MDT
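
Added example (not part of the original message or of the Squid distribution): a small Python model of the checks the reply describes, namely the masked source-address compare, the end-of-hostname domain compare, and the in-order evaluation of the two http_access lines with "!" negation. The two networks are constructed documentation ranges, since the addresses on the quoted "acl ourclients src" line are not shown, and returning None when no line matches is an assumption of this sketch.

```python
import ipaddress

# Constructed networks (RFC 5737 ranges) standing in for the addresses that
# are missing from the quoted "acl ourclients src" line.
ACLS = {
    "ourclients": ("src", ["192.0.2.0/255.255.255.0", "198.51.100.0/24"]),
    "ourservers": ("domain", [".whatsamattu.edu"]),
}
# The two http_access lines, in order: (action, acl names, "!" = negated).
RULES = [
    ("deny", ["!ourclients", "!ourservers"]),
    ("allow", ["ourclients"]),
]

def src_match(client_ip, entry):
    """AND the client address with the netmask, compare to the network number."""
    net_s, mask_s = entry.split("/")
    net = int(ipaddress.IPv4Address(net_s))
    if "." in mask_s:                        # explicit mask form
        mask = int(ipaddress.IPv4Address(mask_s))
    else:                                    # CIDR number-of-bits form
        mask = (0xFFFFFFFF << (32 - int(mask_s))) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(client_ip)) & mask) == net

def acl_match(name, client_ip, host):
    kind, entries = ACLS[name]
    if kind == "src":
        return any(src_match(client_ip, e) for e in entries)
    # domain: compare the end of the requested host name with each entry
    return any(host.lower().endswith(e) for e in entries)

def http_access(client_ip, host):
    """Return the action of the first line whose acls all match."""
    for action, terms in RULES:
        if all(acl_match(t.lstrip("!"), client_ip, host) != t.startswith("!")
               for t in terms):
            return action
    return None  # assumption: no line matched; the message does not cover this

if __name__ == "__main__":
    for ip, host in [("192.0.2.10", "www.example.org"),
                     ("203.0.113.5", "www.whatsamattu.edu.au"),
                     ("203.0.113.5", "www.whatsamattu.edu")]:
        print(ip, host, http_access(ip, host))
```

The last sample request, an outside client asking for one of our own servers, matches neither line, so what happens to it depends on the cache's behaviour when no http_access line matches.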
