Re: [squid-users] Access Lists

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 31 Oct 2001 00:14:29 +0100

Squid access lists are best described as plain AND/OR logic, with
shortcuts on a match.

http_access allow/deny a AND b AND c AND ...
OR
http_access allow/deny d AND e AND ...
...

Note: AND/OR above are in their boolean algebra meaning, not their
English counterparts. For a line to match, all ACLs listed on that line
must match. "http_access allow a b c" does not mean that a, b and c are
allowed, it means that for the request to be allowed it must match all of
a, b and c.

There are some minor exceptions to the above:
* proxy_auth will always require valid credentials from the user. If no
such credentials are known then the request will get denied with
"authentication required", causing the browser to pop up a login box.
think that it is actually.. and not much of an exception as the
semantics are the same.

Then there is an art in finding the correct ACL type for a given
situation. There are currently 28 different ACL types in Squid to solve
various different access control problems. Fortunately you normally only
need to use a handful of them...

The following ACL types are perhaps the most commonly used. If you know
these you will get very far.

  src         IP address of the requestor (client)
  dstdomain   requested destination hostname
  dst         requested destination IP address
  url_regex   regex matching against the URL
  port        requested destination port
  proxy_auth  user authentication

Regards
Henrik Nordström
Squid Hacker

Paul Harlow wrote:
>
> Hi all,
>
> I'm very new here and fairly new to Squid so please bear with me if this is
> a subject that's been covered more than once.
>
> I've just started working with Squid off and on over the last few months and
> have hit a wall. I cannot find documentation that properly illustrates how
> to configure access lists with Squid and have had very limited success with
> the reconfigure of this server.
> For the most part we're restricting user access to the Internet using these
> access lists to just a few sites relating to their jobs. However, when I
> make changes to this list, mostly a copy and paste operation, these changes
> do not become effective after the service is restarted (killall -HUP squid).
>
> If anyone has any ideas to throw at me or any other resources that I might
> not have considered please send them my way!
> Thanks!
>
> Paul Harlow CCNA, MCP
> System and Network Administrator
> SKLD Information Services LLC
> 720 S. Colorado Blvd. Suite 1000N
> Denver, CO 80246
> (303)820-0861
> (720) 313-6125 cell
> pharlow@skld.com
Received on Tue Oct 30 2001 - 16:23:35 MST
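
The AND-within-a-line, OR-across-lines evaluation described in the message above, applied to a "few allowed sites" policy. This is an added Python sketch, not part of the original post and not Squid's own code; the ACL names, addresses and domains are constructed, and only the src, dstdomain and port types are modelled.

```python
import ipaddress

# Constructed config: two site ACLs on ONE line must BOTH match, so no request can pass.
BROKEN = """
acl staff src 192.0.2.0/24
acl site_a dstdomain .example.com
acl site_b dstdomain .example.org
acl all src 0.0.0.0/0
http_access allow staff site_a site_b
http_access deny all
"""
# Corrected: values inside one ACL are ORed, ACL names on a line are ANDed.
FIXED = """
acl staff src 192.0.2.0/24
acl worksites dstdomain .example.com .example.org
acl all src 0.0.0.0/0
http_access allow staff worksites
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0] == "acl":
            # Repeated "acl NAME" lines add more values to the same ACL.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(kind, values, req):
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # leading dot: the domain itself and its subdomains
        h = req["host"].lower()
        return any(h == v.lstrip(".") or (v[0] == "." and h.endswith(v)) for v in values)
    if kind == "port":
        return str(req["port"]) in values
    raise ValueError("ACL type not modelled in this sketch: " + kind)

def decide(conf, req):
    acls, rules = parse(conf)  # assumes at least one http_access line
    for action, names in rules:  # first matching line wins (the "shortcut")
        if all(acl_matches(*acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"
```

With a request such as `{"src": "192.0.2.10", "host": "www.example.com", "port": 80}`, `decide(BROKEN, req)` returns "deny" and `decide(FIXED, req)` returns "allow".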

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:13 MST