Re: ACL Lists

From: Ben O'Shea <ben@dont-contact.us>
Date: Wed, 21 Oct 1998 13:54:34 +1000

Hi,
    It's in the access lists, in squid.conf

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

# TAG: acl
# Defining an Access List
#
# acl aclname acltype string1 ...
# acl aclname acltype "file" ...
#
# when using "file", the file should contain one item per line
#
# acltype is one of src dst srcdomain dstdomain url_pattern
# urlpath_pattern time port proto method browser user
#
# acl aclname src ip-address/netmask ... (clients IP address)
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
#
# acl aclname srcdomain foo.com ... # reverse lookup, client IP
# acl aclname dstdomain foo.com ... # Destination server from URL
# acl aclname srcdom_regex xxx ... # regex matching client name
# acl aclname dstdom_regex xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# # based URL is used. The name "none" is used if the reverse lookup
# # fails.
#
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
# acl aclname url_regex ^http:// ... # regex matching on whole URL
# acl aclname urlpath_regex \.gif$ ... # regex matching on URL path
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser regexp
# acl aclname user username ... # string match on ident output.
# # use REQUIRED to accept any
# # non-null ident.
# acl aclname src_as number ...
# acl aclname dst_as number ...
# # Except for access control, AS numbers can be used for
# # routing of requests to specific caches. Here's an
# # example for routing all requests for AS#1241 and only
# # those to mycache.mydomain.net:
# # acl asexample dst_as 1241
# # cache_peer_access allow mycache.mydomain.net asexample
# # cache_peer_access deny mycache_mydomain.net all
#
# acl aclname proxy_auth [ refresh ]
# # Use an EXTERNAL authentication program to check username/password
# # combinations (see authenticate_program).
# #
# # 'timeout' is the time a checked username/password combination
# # remains cached (default = 3600 secs). If a wrong password
# # is given for a cached user, the user gets removed from the
# # username/password cache forcing a revalidation.
# #
# # When using a proxy_auth ACL in an http_access rule, make sure
# # it is the *last* in the list and the only proxy_auth ACL in
# # the list.
# #
# # NOTE: when a Proxy-Authentication header is sent but it is not
# # needed during ACL checking the username is NOT logged
# # in access.log.
#
...and so on. You get the idea: find this section in your squid.conf and edit it
accordingly.

roddy@satlink.com.au wrote:

> Hi,
> We are going to be upgrading to squid 2. I was wondering how I can
> get it to stop allowing external proxy access. I have gone through my
> config and checked everything, but when people telnet to my proxy port it
> still allows people in from outside our class C. In squid 2, where can I
> change this setting?
>
> Cheers,
> ---
> Roddy Strachan.
> Tech Support/Admin.
> Satlink Internet Services : 03-9775-2600 | http://www.satlink.com.au
> Melbourne, Australia.
> Email : roddy@satlink.com.au
> ICQ : 1987890
> ---
> Out the 10Base-T, through the router, down the T1,
> over the leased line, off the bridge, past the
> firewall... nothing but Net.

--
Regards,
Ben O'Shea
Technical Support
Brisbane Internet Group
Mobile: 0416346437
Received on Tue Oct 20 1998 - 22:04:09 MDT
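
The `acl aclname src ip-address/netmask` form quoted in the reply, applied to the question's goal of serving only the local class C. This is an added example, not part of the original thread or of Squid's shipped configuration. The network 192.0.2.0/255.255.255.0 and the ACL name `localnet` are placeholders to replace with your own.

```squidconf
# Added example: placeholder network and ACL name, not values from the thread.

# Matches every client address. The stock squid.conf normally defines
# this already; keep a single copy.
acl all src 0.0.0.0/0.0.0.0

# The clients that may use the proxy: one class C, written in the
# ip-address/netmask form of "acl aclname src".
acl localnet src 192.0.2.0/255.255.255.0

# Weak setting (open proxy): any host that can reach the proxy port is served.
# http_access allow all

# Corrected setting: http_access lines are checked top to bottom and the
# first matching line decides, so the allow for the local network must
# come before the final deny.
http_access allow localnet
http_access deny all
```

After `squid -k reconfigure`, a request from an address outside `localnet` should be refused and show up as TCP_DENIED in access.log.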
