Re: squid.conf -- acl flags

From: Duncan Anker <>
Date: Mon, 05 May 1997 19:41:50 PDT

>Date: Tue, 6 May 1997 00:49:38 -0400 (EDT)
>From: Jason Lixfeld <>
>Subject: squid.conf -- acl flags
>I have recently installed the latest version of Squid. My goal in this
>venture is to allow only 2 (TWO) networks access to it. The rest will get
>a 403 Permission Denied error if/when they attempt to use this proxy
>server. I have taken the sample squid.conf and edited it to my needs, but
>it doesn't seem to be effective. Here is a copy of the relevent
>acl manager proto cache_object
>acl localhost src
>acl officenet src
>acl oldofficenet src
>acl all src
>acl SSL_ports port 443 563
>http_access deny manager !all
>http_access deny CONNECT !SSL_ports
>http_access allow !officenet
>http_access allow !oldofficenet
>icp_access allow !officenet
>icp_access allow !oldofficenet

Assuming that officenet and oldofficenet are the two you want
to allow, that should be:

http_access allow officenet
http_access allow oldofficenet
icp_access allow officenet
icp_access allow oldofficenet

and probably best followed with a deny all to ensure no-one else
can use it. The ! means not, so you were allowing anyone not
on those networks through. Probably not what you intended. Also,
either of those nets would have access because if it didn't match
the first allow, it would match the second.

An alternative would be to use deny, and write it more succinctly:

http_access deny !officenet !oldofficenet

>I am probably just missing something here, but I cannot find suffecient

I think what you are missing is more detailed documentation :-)

>Thanks in advance


Duncan Anker
Health freaks are going to feel stupid one day, when they're
lying in a hospital bed, dying of nothing.
Get Your *Web-Based* Free Email at
Received on Mon May 05 1997 - 19:45:21 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:07 MST