Re: Advanced ACL

From: Jonathan Larmour <>
Date: Wed, 18 Dec 1996 19:59:21 +0000

At 20:41 18/12/96 +0100, David Ponzone wrote:
>I am sorry if this is a FAQ, but I wasn't able to find an answer.
>Is there any way with Squid to have ACLs allowing such IP addresses
>to request any pages from cache, but only some pages from the source ?
>ie: 10.0.0/8 can request anything from the cache, but only http://www.netscape.
>com/* from the source.

I think you can do with it with the miss_access rule. e.g. you could try
something like

acl nicepcs
acl fred src
acl netscape dstdomain

http_access allow nicepcs
http_access allow fred
http_access deny all

miss_access allow nicepcs
miss_access allow fred netscape
miss_access deny all

However I think you will get very odd behaviour occasionally for those
clients, e.g. no cgi scripts or dynamic pages (e.g. (unless
you adjust the min field of refresh_pattern maybe) so make sure you're happy
about that policy.

Jonathan L.
Origin UK,323 Cambridge Science Park,Cambridge,England. Tel: +44(1223)423355
------[ Do not think that every sad-eyed woman has loved and lost... ]------
----------------------[ she may have got him. -Anon ]-----------------------
Help fight spam! These opinions are all my own fault
Received on Wed Dec 18 1996 - 12:13:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:55 MST