Re: ACL Lists

From: Karl Ferguson <karl@dont-contact.us>
Date: Wed, 21 Oct 1998 11:40:09 +0800

At 02:21 AM 21/10/98 +0000, roddy@satlink.com.au wrote:
>Hi,
> We are going to be upgrading to squid 2. I was wondering how can
>I get it to stop allowing external proxy access. I have gone through my
>config and checked everything, but when ppl telnet to my proxy port it
>still allows ppl in from outside our class c, in squid 2, where can I
>change this setting.

Squid shouldn't honour their HTTP request if you've set it up correctly
(they'll be able to telnet to the port, but they get access denied): this
is represented in the ACLs:

# "src" is the ACL type that matches on the client's source address
acl all src 0.0.0.0/0.0.0.0
acl Access_Granted src x.x.x.x/xxx.xxx.xxx.xxx xx.xx.xx.xx/xxx.xxx.xxx.xxx
http_access deny all !Access_Granted

The same could be said for ICP, though a different acl for that would be
needed if you have any siblings.

However, if on the other hand you want to completely cut off your port from
outside requests (port 3128 or whatever) squid cannot do this - you'll have
to implement a firewall rule and filter it out - you can use ipfwadm and
linux (compiled correctly) for this.

Regards

--
This message is Copyright (C) 1998 by Karl Ferguson
Tower Networking Pty Ltd t/a STAR Online Services
   Tel: +61 8 9355-0000   Fax: +61 8 9355-0033
Received on Tue Oct 20 1998 - 21:30:27 MDT