Re: [squid-users] Two-Three ACL combination syntax. from ads squid on 2003-08-04 (squid-users)

From: ads squid <adssquid@dont-contact.us>
Date: Mon, 4 Aug 2003 01:53:18 -0700 (PDT)

O.K.
My acl and http_access are as below :

acl QUERY urlpath_regex cgi-bin \?
acl STOP1 src 192.168.0.42
acl WORKING time MTWHF 09:30-14:18
acl SITE dstdomain www.xyz.com
http_access deny STOP1 WORKING SITE
acl localnet src 192.168.0.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
http_access deny !Safe_ports
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl losers src 192.168.0.0/255.255.255.0
acl 4CONN maxconn 4
http_access deny 4CONN losers
acl magic_words2 url_regex -i .mpeg .mpe .mpg .wav
.mov
acl day time MTWHF 07:00-23:00
http_access deny CONNECT
http_access deny all
acl magic_words1 dst 192.168.0.0/255.255.255.0

I want to perform following : I will give in details
since I am totally confused with acl logic.

I want to stop access to www.xyz.com for period
09:30-14:18 to IP address 192.168.0.42.

I want to give access to other IPs of network
192.168.0.0 to all.
(OR Give access to 192.168.0.0-80. form 81 to 255 will
be restricted access.)

I want to deny access to not safe ports.

I want to delay access to "magic_words2" to 2000 Kbps.

Sorry, I am confused with acl logic.
Thanks for help

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Monday 04 August 2003 08.09, ads squid wrote:
> > I have done as directed but no success.
> > I think I am restricting access with
> >
> > acl STOP1 src 192.168.0.42
> > acl WORKING time MTWHF 09:30-11:48
> > acl SITE dstdomain www.xyz.com
> > http_access deny STOP1 WORKING SITE
> >
> > and allowing access with
> >
> > http_access allow localnet
> >
> > Is it the issue? If so how to slove.
>
>
> THe issue is that if you have rules which conflict
> with each other
> then the one who should have priority must be before
> the other.
>
> What is your complete list of acl and http_access
> rules?
>
> egrep "^http_access|^acl" squid.conf
>
> Regards
> Henrik

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
Received on Mon Aug 04 2003 - 02:53:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST