Re: [squid-users] Squid ACL with ARP and a specific file

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Thu, 2 Aug 2001 08:12:40 +1000 (EST)

Hi,

On Wed, 1 Aug 2001, Marc Petersen wrote:

> acl macs arp src "/opt/squid/etc/macs"
> http_access deny macs all
>
> But that won't work. I have tried it with some options but i always get an
> error if i want to start squid. I HAVE arp acl support compiled in btw :-)

Methinks you really want:

acl macs arp "/opt/squid/etc/macs"

The "src" is used to define an acl based on the source IP address of the
browser.

Furthermore why the "all" on the end? I am not sure you really understand
the interaction between acls and http_access lines.

The acls define list that specify some condition to be matched in a
connection. The http_access lines then use one or more acls AND-ed
together to permit or dny access. Thus when you say:

http_access deny macs all

You are really saying:

If the MAC address is in the macs acl AND the IP address is in all, deny
access. In this case the "all" is really redundant, ie

http_access deny macs

would be sufficient.

Be aware too that MAC addresses are only useful on the local lan segment.
Any packet passing through a router to get to the squid server will have
the MAC address of the router it came through to get to the lan segment.

> The thing why i want to do that in this way is i have an HTML based
> Admin-Toolkit for Squid, selfwritten, and it's more easier for me to change a
> different file and not the squid.conf.

Have you looked at webmin?

Colin

--
Colin Campbell
Unix Support/Postmaster/Hostmaster
CITEC
+61 7 3006 4710
Received on Wed Aug 01 2001 - 16:12:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:26 MST