Re: ACL question...

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 12 Oct 1999 19:52:16 +0200

Marc G. Fournier wrote:

> Last night, I changed:
>
> acl all src 0.0.0.0/0.0.0.0

Don't do that. Squid assumes all is defined to match everyone.

It is better if you define another ACL name for matching your network.

acl localnet src 131.162.0.0/16

> in order to close off our proxy server from being accessed off of
> our network...all appears to be well except that I can no longer
> access my cachemgr.cgi on the server, with an error of:

This is because localhost no longer has miss_access.

> ====================

> acl all src 131.162.0.0/16

Recommended replacement for the above line:
acl all src 0.0.0.0/0
acl localnet src 131.162.0.0/16

> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #

> http_access allow all

Recommended replacement for the above line:

http_access allow localnet
http_access deny all

--
Henrik Nordstrom
Squid hacker
Received on Tue Oct 12 1999 - 12:34:52 MDT
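
The effect described in the reply, as an added example that is not part of the original message and not Squid code: a small Python model of `src` ACL matching and first-match access lists, run over the redefined `all` and over the recommended `localnet` layout. The `miss_access allow all` line is an assumption (the posted config does not show it), the configs are reduced to `src` ACLs only, and the client addresses are constructed.

```python
import ipaddress

# Constructed, reduced configs: only src ACLs and the rules that use them.
BROKEN = """\
acl all src 131.162.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
http_access allow all
miss_access allow all
"""
FIXED = """\
acl all src 0.0.0.0/0
acl localnet src 131.162.0.0/16
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access deny all
miss_access allow all
"""

def parse_acls(conf):
    """Collect 'acl NAME src NET...' lines into {name: [networks]}."""
    acls = {}
    for fields in (line.split() for line in conf.splitlines()):
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in fields[3:]]
            acls.setdefault(fields[1], []).extend(nets)
    return acls

def parse_rules(conf, directive):
    """Return [(action, [acl terms])] for one access directive, in file order."""
    lines = (line.split() for line in conf.splitlines())
    return [(f[1], f[2:]) for f in lines if len(f) >= 3 and f[0] == directive]

def check(conf, directive, client):
    """Decide allow/deny for a client address under one access directive."""
    acls, ip = parse_acls(conf), ipaddress.ip_address(client)
    rules = parse_rules(conf, directive)
    if not rules:
        raise ValueError("no %s lines in config" % directive)
    def term_matches(term):
        negate, name = term.startswith("!"), term.lstrip("!")
        return any(ip in net for net in acls[name]) != negate
    for action, terms in rules:
        # A line matches only if every ACL on it matches (logical AND).
        if all(term_matches(t) for t in terms):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With `all` narrowed to 131.162.0.0/16, outside clients are refused as intended, but 127.0.0.1 also stops matching every rule written against `all`; the `localnet` layout gives the same outside behaviour without that side effect.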
