Re: [squid-users] Two-Three ACL combination syntax. from ads squid on 2003-08-04 (squid-users)

From: ads squid <adssquid@dont-contact.us>
Date: Mon, 4 Aug 2003 03:18:56 -0700 (PDT)

I have received as suggested

acl QUERY urlpath_regex cgi-bin \?
acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
http_access deny !Safe_ports
acl STOP1 src 192.168.0.42
acl WORKING time MTWHF 09:30-17:00
acl SITE dstdomain www.yahoo.com
http_access deny STOP1 WORKING SITE
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl losers src 192.168.0.0/255.255.255.0
acl 4CONN maxconn 4
http_access deny 4CONN losers
acl magic_words2 url_regex -i .mpeg .mpe .mpg .wav
.mov
acl day time MTWHF 07:00-23:00
http_access deny CONNECT
acl localnet src 192.168.0.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost
http_access deny all
acl magic_words1 dst 192.168.0.0/255.255.255.0

It has stop access of all users.
Thanks
--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> On Monday 04 August 2003 10.53, ads squid wrote:
> > O.K.
> > My acl and http_access are as below :
> >
> > acl STOP1 src 192.168.0.42
> > acl WORKING time MTWHF 09:30-14:18
> > acl SITE dstdomain www.xyz.com
> > http_access deny STOP1 WORKING SITE
>
> Looks fine.
>
> If the above rule does not work, what do you get in
> access.log?
>
> > acl localnet src 192.168.0.0/255.255.255.0
> > acl localhost src 127.0.0.1/255.255.255.255
> > http_access allow localnet
> > http_access allow localhost
>
> you still have not moved these down where they
> belong. Nothing beyond
> this will be used until you move this down.
>
> > acl Safe_ports port 80 443 210 119 70 20 21
> 1025-65535
> > http_access deny !Safe_ports
> > acl CONNECT method CONNECT
> > acl all src 0.0.0.0/0.0.0.0
> > acl losers src 192.168.0.0/255.255.255.0
> > acl 4CONN maxconn 4
> > http_access deny 4CONN losers
> > acl magic_words2 url_regex -i .mpeg .mpe .mpg .wav
> > .mov
> > acl day time MTWHF 07:00-23:00
> > http_access deny CONNECT
>
> The above mentioned rules should be here, just
> before "deny all".
>
> > http_access deny all
>
>
>
> > I want to give access to other IPs of network
> > 192.168.0.0 to all.
> > (OR Give access to 192.168.0.0-80. form 81 to 255
> will
> > be restricted access.)
>
> You need to decide on one, and make the src acl
> correspondingly in
> your corresponding allow rule.
>
> > I want to deny access to not safe ports.
>
> This you need to do before wher you allow access.
> You can not deny
> what you have already allowed (or allow what you
> have already
> denied).
>
> > I want to delay access to "magic_words2" to 2000
> Kbps.
>
> See the delay_* directives.
>
>
> Regards
> Henrik
>

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
Received on Mon Aug 04 2003 - 04:19:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST