Re: [squid-users] acl not functioning right

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 22 Sep 2001 00:00:58 +0200

Another note:

http_access is an ordered list of access rules. The first http_access
line that fully matches the request will tell if the request is allowed
or denied. So putting the http_access line for denying the worm pattern
after you have allowed all your users access won't do much good. Move it
up before your clients and you should see it more effective.

Regards
Henrik Nordstrom
Squid Hacker
MARA Systems AB, Sweden

"Peña, Botp" wrote:
>
> Hi Henrik,
>
> acl conf follows,
>
> Thanks in advance,
> -botp
>
> ---------------------------------------
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> acl pager_url url_regex pager.yahoo.com
> acl worm_url url_regex -i \.eml$
> acl porn_url url_regex "/proxy/squid/porn2"
> acl bugo_mis_user src 10.2.10.1-10.2.10.41 10.2.25.6
> acl bugo_user src 10.2.10.50-10.2.10.115
> acl bugo_user2 src 10.2.9.1-10.2.9.49
> acl mkti_user src 10.1.26.1-10.1.26.94 10.1.30.1
> acl mkti_mis_user src 10.1.27.1-10.1.27.20
> acl mkti_kitch src 10.1.100.150-10.1.100.151
> acl mkti_user_temp src 10.1.27.252-10.1.27.253
> acl pltn_user src 10.3.10.1-10.3.10.24
> acl pltn_dialup_user src 10.3.12.1-10.3.12.4 10.3.9.2-10.3.9.7
> acl bugo_srvr src 10.2.1.1-10.2.1.10 10.2.31.1 10.2.25.2 10.2.25.5
> acl mkti_srvr src 10.1.1.7 10.1.25.2
> acl bugo_cws src 10.2.1.200
> acl bugo_test src 10.2.255.1 10.2.31.1 10.2.9.47
> acl bugo_dialup2146 src 10.2.13.1-10.2.13.5
> acl bugo_dialup1 src 10.2.1.155
> acl bugo_dialup2 src 10.2.1.145
> acl mkti_user_in_bugo src 10.2.12.1-10.2.12.10
> acl bugo_user_in_mkti src 10.1.28.1-10.1.28.3 10.2.12.1-2
> acl mkti_dialup src 10.1.255.1-10.1.255.6
> acl mkti_dialup2 src 10.1.1.207
> acl dialup src 10.2.1.140
> acl jlsparanaque src 10.6.1.100
> acl laspinas src 10.8.10.1 10.8.10.21
> acl bacolod src 10.15.1.101
> acl cebu src 10.4.1.9 10.4.1.115
> acl adsiadvo src 10.18.1.200 10.18.2.101
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow bugo_srvr
> http_access allow bugo_cws
> http_access allow bugo_test
> http_access allow bugo_mis_user
> http_access allow bugo_user
> http_access allow bugo_user2
> http_access allow bugo_dialup2146
> http_access allow bugo_dialup1
> http_access allow bugo_dialup2
> http_access allow mkti_user
> http_access allow mkti_mis_user
> http_access allow mkti_user_temp
> http_access allow mkti_srvr
> http_access allow mkti_kitch
> http_access allow pltn_user
> http_access allow pltn_dialup_user
> http_access allow mkti_user_in_bugo
> http_access allow bugo_user_in_mkti
> http_access allow mkti_dialup
> http_access allow mkti_dialup2
> http_access allow dialup
> http_access allow jlsparanaque
> http_access allow laspinas
> http_access allow bacolod
> http_access allow cebu
> http_access allow adsiadvo
> http_access deny worm_url
> http_access allow localhost
> http_access deny all
> ---------------------------------------
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Friday, September 21, 2001 12:34 PM
> To: =?iso-8859-1?Q?Pe=F1a?=@henrik.localdomain; Botp
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] acl not functioning right
>
> Please send all your acl and http_access lines.
>
> egrep "^acl|^http_access" squid.conf
>
> --
> Henrik Nordstrom
> Squid Hacker
>
> "Peña, Botp" wrote:
> >
> > Hi Team,
> >
> > Somehow, my acls are not functioning right.
> > Everyone can now browse.
> >
> > Any tips pls.
> >
> > thanks,
> > -botp
> >
> > acl follows:
> > .................................................
> >
> > acl worm_url url_regex -i \.eml$
> >
> > acl user1 src 10.2.10.1-10.2.10.41 10.2.25.6
> > acl user2 src 10.2.10.50-10.2.10.115
> >
> > http_access deny worm_url
> > http_access allow user1
> > http_access allow user2
> >
> > http_access allow localhost
> > http_access deny all
Received on Fri Sep 21 2001 - 16:12:38 MDT
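
Added illustration, not part of the original messages and not Squid's own code: a small Python model of first-match http_access evaluation, run over a subset of the posted ACLs in the posted order and with the deny line moved up. The request addresses and URLs are constructed, and the helper names (src_acl, url_regex_acl, evaluate) are hypothetical.

```python
import ipaddress
import re

def src_acl(*ranges):
    """src ACL: each item is 'a.b.c.d' or an 'a.b.c.d-e.f.g.h' range."""
    spans = []
    for item in ranges:
        lo, _, hi = item.partition("-")
        spans.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)))
    return lambda req: any(
        lo <= ipaddress.ip_address(req["src"]) <= hi for lo, hi in spans)

def url_regex_acl(pattern, ignore_case=False):
    """url_regex ACL: unanchored regex search over the full URL."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return lambda req: rx.search(req["url"]) is not None

# Subset of the ACLs from the posted squid.conf, modelled by hand.
ACLS = {
    "all": lambda req: True,
    "localhost": src_acl("127.0.0.1"),
    "worm_url": url_regex_acl(r"\.eml$", ignore_case=True),
    "bugo_mis_user": src_acl("10.2.10.1-10.2.10.41", "10.2.25.6"),
    "bugo_user": src_acl("10.2.10.50-10.2.10.115"),
}
ALLOWS = ["http_access allow bugo_mis_user", "http_access allow bugo_user"]
TAIL = ["http_access allow localhost", "http_access deny all"]
POSTED = ALLOWS + ["http_access deny worm_url"] + TAIL   # order as posted
FIXED = ["http_access deny worm_url"] + ALLOWS + TAIL    # deny moved up

def evaluate(rules, acls, req):
    """Return (action, line) for the first line whose ACLs all match."""
    for line in rules:
        _, action, *names = line.split()
        # ACLs on one line are ANDed; a leading '!' negates that ACL.
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    # No line matched: the default is the opposite of the last line.
    last_action = rules[-1].split()[1]
    return ("deny" if last_action == "allow" else "allow"), None

if __name__ == "__main__":
    # Constructed requests: an allowed client, then an outside address.
    for req in ({"src": "10.2.10.5", "url": "http://example.invalid/readme.EML"},
                {"src": "192.0.2.10", "url": "http://example.invalid/"}):
        print(req, evaluate(POSTED, ACLS, req), evaluate(FIXED, ACLS, req))
```

Returning the matching line alongside the action shows which rule decided the request, which is the quickest way to spot a deny that is shadowed by an earlier allow.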