Squid ACL

From: Raewyn Ferguson <raewyn@dont-contact.us>
Date: Wed, 31 Jul 1996 10:06:13 +1200 (NZST)

Defining Access Control List in the squid.conf file.
 
I am looking at installing squid-1.1.alpha7 on an alpha Unix machine. But, I can't find any detailed documentation than the comments in the squid.conf file about defining the access control list inregard to controlling our ipaddresses accessing other web sites.
Can any-one answer the following two access control list questions?
1. How many ip-addresses can the squid.conf access control list handle?
   As I currently use the CERN 1.5v server which restricts our University
   ip-addresses to browse New Zealand(NZ) web sites only. I allow outside
   NZ browsing access to authorised sub-net addresses by groups that are
   defined in a separate file.(approx 1200 ip-addresses) I feel
   that the squid conf file would not be able to handle all these
   addresses. (Due to high international traffic costs we restrict
   international access to staff and some students.)
2. Can you define an access control list of client ip address ranges, instead
   of specifing separate subnet addresses.
          139.80.64.1-100 (includes 1-100 subnet ipaddresses in client acl)
instead of 139.80.64.1, 139.80.64.2, 139.80.64.3 etc...

As I want to restrict ipaddress acl to something like the following in the squid.conf file:
#Squid.conf allow all our campus ip-addresses access to New Zealand web sites and international web access to some subnet ipaddresses by the acl parmeter.
acl campus src 139.80.*.*/255.255.0.0
acl ComputerLab1 src 139.80.64.1-100/255.255.0.0

http_access campus port 81(only our campus can use the squid server on port 81)
deny all src */255.255.0.0 (deny all our ipaddresses browsing/accessing except
                            the following)
acl campus pattern http://*.*.nz/ (all campus able to browse/access nz web sites only)
allow ComputerLab1 http://* (ipaddress 139.80.64.1-100 browse/access all web sites)

Thank-you in advance,
I appreciate the help. 

-- 
Raewyn Ferguson					raewyn@elwing.otago.ac.nz
Systems Support Specialist                      webmaster@www.otago.ac.nz
Information Technology Services		             phone +64 3 479-8539
University of Otago                                  fax   +64 3 479-8577
P.O. Box 56
Dunedin
New Zealand
"If people concentrated on the really important things in life, there'd
be a shortage of fishing poles."
Received on Tue Jul 30 1996 - 14:55:36 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:43 MST