[squid-users] Subnet ACL Config

From: Joe Giles <jgiles@dont-contact.us>
Date: 10 Apr 2003 21:30:59 -0600

List,

I'm trying to create an ACL based on subnets. I wish machines in the
10.100.125.0/255.255.255.0 (acl dc1) subnet to access an http list I
create and have 10.100.126.0/255.255.255.0 (acl dc2) subnet to access
another http list I choose. Now, I don't want each subnet to access each
other's http list... This is what I came up with:

acl all src 0.0.0.0/0.0.0.0
acl baddomainlist dstdomain "/etc/squid/bad_sites"
acl bad_url_regex url_regex "/etc/squid/bad_url_regex"
acl good_sites dstdomain "/etc/squid/good_sites"

acl dc1 src 10.100.125.0/255.255.255.0
acl dc2 src 10.100.126.0/255.255.255.0

acl DC1_url_list1 dstdomain "/etc/squid/DC1_url_list1"
acl DC2_url_list2 dstdomain "/etc/squid/DC2_url_list2"

http_access deny bad_url_regex
http_access deny baddomainlist
http_access allow good_sites !dc1 !dc2 *See Below
http_access allow dc1 DC1_url_list1
http_access allow dc2 DC2_url_list2
http_access deny all

*-NOTE: Good_sites is a file that allows access to .com's .org's .net's
etc... etc... Pretty much everything....

Now, for some reason, each subnet can access each other's http list
(Simple text files with urls in them). Now I know that the lists work,
cause they can only access what is in each list... HOWEVER, if I put
this:

http_access allow dc1 DC1_url_list1 !dc2
http_access allow dc2 DC2_url_list2 !dc1
http_access deny all

Then both subnets stop working totally.

What am I doing wrong here...

Thanks for any advice :)

Joe
Received on Thu Apr 10 2003 - 21:17:06 MDT
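
The rule order from the post, modelled as an added example (not part of the original message and not Squid's own code): http_access lines are checked top to bottom, every ACL on a line must match, and the first matching line decides. The list contents and test hostnames are constructed, and bad_url_regex is treated as never matching.

```python
import ipaddress

# Source ACLs copied from the post.
SRC = {
    "all": ipaddress.ip_network("0.0.0.0/0"),
    "dc1": ipaddress.ip_network("10.100.125.0/255.255.255.0"),
    "dc2": ipaddress.ip_network("10.100.126.0/255.255.255.0"),
}
# Constructed list contents: the real /etc/squid/ files are not in the post.
DST = {
    "bad_url_regex": set(),  # simplification: treated as never matching
    "baddomainlist": {".bad.example.net"},
    "good_sites": {".com", ".org", ".net"},
    "DC1_url_list1": {".dc1-apps.example.com"},
    "DC2_url_list2": {".dc2-apps.example.org"},
}
POSTED = [
    "deny bad_url_regex",
    "deny baddomainlist",
    "allow good_sites !dc1 !dc2",
    "allow dc1 DC1_url_list1",
    "allow dc2 DC2_url_list2",
    "deny all",
]
# Second attempt from the post, with the extra negations.
VARIANT = POSTED[:3] + ["allow dc1 DC1_url_list1 !dc2",
                        "allow dc2 DC2_url_list2 !dc1", "deny all"]

def acl_matches(name, client, host):
    """Evaluate one ACL name; a leading '!' negates it."""
    if name.startswith("!"):
        return not acl_matches(name[1:], client, host)
    if name in SRC:
        return ipaddress.ip_address(client) in SRC[name]
    # dstdomain: a leading dot matches the domain and its subdomains.
    return any(host == d.lstrip(".") or host.endswith("." + d.lstrip("."))
               for d in DST[name])

def decide(rules, client, host):
    """Return (action, rule) for the first line whose ACLs all match."""
    for rule in rules:
        action, *acls = rule.split()
        if all(acl_matches(a, client, host) for a in acls):
            return action, rule
    # Not reached here: both rule sets end in "deny all".
    return "deny", None
```

In this model a client whose address falls outside both subnets is served by the good_sites line, so the source address Squid records for each request is the first thing to compare against the dc1 and dc2 ranges.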
