Re: [SQU] configuration of acl in squid.conf

Remove you "http_access deny all" statements. Squid parses squid.conf from
the top down. If a machine or url matches an acl, it goes by the FIRST
corresponding http_access line for that acl. So, since you have a number of
deny all lines, pretty much everything is going to be denied.

"http_access deny all" should be the last line in squid.conf....

Craig

----- Original Message -----
From: "Hervé Ballans" <herve.ballans@alpha.u-bordeaux.fr>
To: "Forum Squid" <squid-users@ircache.net>
Sent: Wednesday, February 28, 2001 10:18 AM
Subject: [SQU] configuration of acl in squid.conf

> Hello,
>
> I've a problem to configure my squid.conf file.
>
> I'm under Linux 2.2.17 and version of squid is 2.3.STABLE4.
>
> I've mounted a proxy squid in my service, not to cahe, but to secure
> access.
> in a classic configuration, the proxy works perfectly :
>
> acl all src 0.0.0.0/0.0.0.0
> ...
> acl bx_urls dstdomain www1 www2 www3 www4...
> acl bx_ip src ip1 ip2 ip3 ip4...
> http_access allow bx_urls
> http_access deny all
> http_access allow bx_ip
> http_access deny all
>
> but, I would like to configure different acls of url and acls of ip
> address in the same file.
> For example :
>
> acl urls_1 dstdomain ...
> acl urls_2 dstdomain ...
> acl ips_1 src ...
> acl ips_2 src ...
>
> With these acls, I would like to manage different access rigths depend
> on ip addresses.
> For example :
>
> acl urls_1 dstdomain www10 www11 www12 www13...
> acl ips_1 src ip10 ip11 ip12 ip13...
> http_access allow urls_1
> http_access deny all
> http_access allow ips_1
> http_access deny all
>
> acl urls2 dstdomain www20 www21 www22 www23...
> acl ips_2 src ip20 ip21 ip22 ip23...
> http_access allow urls2
> http_access deny all
> http_access allow ips_2
> http_access deny all
>
> But, in final, it doesn't work !
>
> Is it possible to take a such configuration ? and how configure this ?
>
> Thank's a lot for your help...
>
> Hervé
>
> ...and excuse me for my bad english...
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html