Re: [squid-users] unsure of one acl in squid.conf

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Wed, 29 Aug 2001 09:37:26 +1000 (EST)

Hi,

On Tue, 28 Aug 2001, pat lendon wrote:

> I do apologize, ACL's can be too confusing (and I think I'm still confused).

You are about "src" and "dst". The acls define conditions to be met. The
http_access lines define what to do when conditions are met.

>
> If I have a squid server and want to deny all the other squid servers access,
>
> acl squid_server src xx.xx.xx.xx/255.255.255.255 (ip of the squid server)
> http_access deny !squid_server

Not sure what you are trying to achieve here. The rule (http_access) you
have says

        if the source address in the incoming connection is NOT
        xx.xx.xx.xx, then deny the connection. In other words, the only
        system that can connect to your squid server is itself.

>
> If I have 50 users on one net and want them to be able to access squid server
> with passwd,
> acl 50_users dst xx.xx.xx.xx/255.255.255.0 (ip range or net of 50 users)

Methinks you want 'src' and not 'dst' here. You are defining 50_users to
match any connection with a destination of xx.xx.xx.xx/255.255.255.0. I
think you really mean, "any connection COMING FROM xx.xx.xx.xx/255.255.255.0".
This means you really want, as was explained in another email

        acl 50_users src xx.xx.xx.xx/255.255.255.0

> acl passwd proxy_auth REQUIRED
> http_access allow 50_users passwd
> http_access deny all

This bit is okay. The first http_access rule says:

        if source ip is one of "50_users" and they authenticate correctly,
        let them through.

Colin
Received on Tue Aug 28 2001 - 17:38:14 MDT
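
The rules discussed in this thread can be traced with a small model of http_access evaluation. This is an added example, not code from the thread or from Squid; the addresses are constructed documentation ranges standing in for the elided xx.xx.xx.xx values, and authentication is reduced to a boolean.

```python
import ipaddress

# Constructed sample addresses; the thread elides the real ones as xx.xx.xx.xx.
USERS_NET = ipaddress.ip_network("192.0.2.0/255.255.255.0")
PROXY_IP = ipaddress.ip_network("198.51.100.1/255.255.255.255")

def src(net):
    # "acl NAME src ..." tests the address the connection comes FROM.
    return lambda req: ipaddress.ip_address(req["src"]) in net

def dst(net):
    # "acl NAME dst ..." tests the address of the server being requested.
    return lambda req: ipaddress.ip_address(req["dst"]) in net

def proxy_auth_required(req):
    # Simplification: real Squid replies 407 to request credentials first.
    return req.get("authenticated", False)

def http_access(rules, acls, req):
    """Return the action of the first rule whose ACLs all match ('!' negates)."""
    for action, names in rules:
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

def user_acls(kind):
    """ACL table for the 50_users rules, built with either dst or src."""
    return {"50_users": kind(USERS_NET), "passwd": proxy_auth_required,
            "all": lambda req: True}

USER_RULES = [("allow", ["50_users", "passwd"]), ("deny", ["all"])]
SELF_ONLY_RULES = [("deny", ["!squid_server"])]
SELF_ONLY_ACLS = {"squid_server": src(PROXY_IP)}

# A logged-in user on the 50-user network fetching an outside web server.
user_req = {"src": "192.0.2.25", "dst": "203.0.113.80", "authenticated": True}

if __name__ == "__main__":
    print("dst ACL:", http_access(USER_RULES, user_acls(dst), user_req))
    print("src ACL:", http_access(USER_RULES, user_acls(src), user_req))
    print("deny !squid_server:", http_access(SELF_ONLY_RULES, SELF_ONLY_ACLS, user_req))
```

With the dst form the user's request never matches 50_users and falls through to "deny all"; with the src form the same request is allowed once authenticated.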
