Re: Access Lists

From: Marc van Selm <marc.van.selm@dont-contact.us>
Date: Wed, 16 Dec 1998 08:36:11 +0100

At 11:07 AM 12/16/98 +1000, nbc Networks wrote:
>HI,
>
> i'm having a few problems with my access list on my test proxy
>
>i have these acl lists
>
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl noosanet src 203.37.210.0/255.255.255.0 203.37.243.0/255.255.255.0
>acl all src 0.0.0.0/0.0.0.0
>acl SSL_ports port 443 563
>acl Dangerous_ports port 7 9 19
>acl CONNECT method CONNECT
>
>then have this http_access
>
>http_access allow manager !localhost !noosanet
>http_access deny CONNECT !SSL_ports
>http_access deny Dangerous_ports

You probably want a "http_access allow noosnet here"

>http_access deny all

As far as I know the deny all can be removed. You also want to make sure you
noosanet has miss_access etc..

>
>i think that should be ok.. but i keep getting TCP FORBIDDEN messages in
>access.log when trying to use the proxy..

Good luck!

>sorry if this has already come up or whatever.. i'm fairly new to squid so
>please bear with me

No problem. This list is a mixed environment with highly experienced and
novice
users (and all in between)

Marc

>
>thanks in advance
>
>---------------------------------------------------------------------------
>Antony Puckey <stealth@nbcnet.com.au>
>Systems Administrator, nbc Networks
>P.O. Box 1242, Noosa Heads Queensland, Australia
>3/41 Sunshine Beach Rd Ph: +61 7 5473 5000
>Noosa Heads, Queensland Fax: +64 7 5474 9111
>Australia http://www.nbcnet.com.au
>---------------------------------------------------------------------------
>
---------------------------------------------------------------------
Marc van Selm
NATO C3 Agency
Communication Systems Division, A-Branch
Tel: +31 70 3142454
E-mail: marc.van.selm@nc3a.nato.int
---------------------------------------------------------------------
Private: selm@cistron.nl, selm@het.net, http://www.cistron.nl/~selm
Received on Wed Dec 16 1998 - 00:44:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:39 MST