RE: [squid-users] Re: ACL allowing a specific IP range

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 4 Feb 2005 09:28:49 -0900

> -----Original Message-----
> From: Joost de Heer [mailto:sanguis@xs4all.nl]
> Sent: Thursday, February 03, 2005 11:38 PM
> To: Hunter, Jess
> Cc: squid-users@squid-cache.org
> Subject: [squid-users] Re: ACL allowing a specific IP range
>
>
> Hunter, Jess said:
>> I am running Squid with a banned.txt file. However there are a few
>> WebPages on the banned list that I want to be able to open up to a
>> certain IP range (i.e. 192.168.1.201, 192.168.1.210, 192.168.1.250).
>> I am wanting to allow these select few the ability to access pages such
>> as mail.yahoo.com while the rest of the network would still be denied.
>
> You can either open up the whole list or nothing on the list, not 'a few
> pages in the list'.
>
>> Here is how I have my ACL's set up:
>>
>> acl MYLAN src 192.168.0.1-192.168.10.253/255.255.255.0
>> acl banned dstdomain "path/to/banned/file/banned.txt"
>
>> http_access deny banned
>> http_access allow MYLAN
>> http_access deny all
>
> http_access allow banned MYLAN
> http_access deny banned
> http_access deny all
>
> Joost

Well you can always do something like the following:

acl special_sites dstdomain "/path/to/exception_sites"
acl special_clients src 192.168.0.10 192.168.2.15 192.168.2.17
acl MYLAN src 192.168.0.1-192.168.10.253/255.255.255.0
acl banned dstdomain "path/to/banned/file/banned.txt"

http_access allow special_sites special_clients
http_access deny banned
http_access allow MYLAN
http_access deny all

That should (if I'm not totally off base) allow 192.168.0.10,15 and 17
access the sites listed in the file special_sites regardless of their
presence in banned, while preventing the rest of the LAN from accessing
them.

Chris
Received on Fri Feb 04 2005 - 11:28:50 MST
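
The rule ordering discussed in this thread, as an added example that is not part of the original messages and is not Squid code: a small model of http_access evaluation that compares the original rule set with the one that puts the exception line first. The list contents (games.example, www.example.org, which hosts are banned) and the extra client addresses are constructed; dstdomain matching is simplified to exact host names.

```python
import ipaddress

# Constructed sample data: the thread does not show the list files' contents.
BANNED = {"mail.yahoo.com", "games.example"}
SPECIAL_SITES = {"mail.yahoo.com"}
SPECIAL_CLIENTS = {"192.168.0.10", "192.168.2.15", "192.168.2.17"}
LAN_LO, LAN_HI = (ipaddress.ip_address(a) for a in ("192.168.0.1", "192.168.10.253"))

# Each ACL is a predicate over (client address, requested host).
# Simplification: dstdomain is an exact host match, MYLAN a plain address range.
ACLS = {
    "all": lambda src, dst: True,
    "banned": lambda src, dst: dst in BANNED,
    "special_sites": lambda src, dst: dst in SPECIAL_SITES,
    "special_clients": lambda src, dst: src in SPECIAL_CLIENTS,
    "MYLAN": lambda src, dst: LAN_LO <= ipaddress.ip_address(src) <= LAN_HI,
}

ORIGINAL = """
http_access deny banned
http_access allow MYLAN
http_access deny all
"""
WITH_EXCEPTION = """
http_access allow special_sites special_clients
http_access deny banned
http_access allow MYLAN
http_access deny all
"""

def parse(config):
    """Return [(action, [acl names])] for each http_access line, in file order."""
    rules = []
    for line in config.strip().splitlines():
        directive, action, *names = line.split()
        if directive == "http_access":
            rules.append((action, names))
    return rules

def decide(config, src, dst):
    """ACLs on one line are ANDed; the first line that matches decides."""
    for action, names in parse(config):
        if all(ACLS[name](src, dst) for name in names):
            return action
    return "deny"  # not reached here: both rule sets end in "deny all"

if __name__ == "__main__":
    for src in ("192.168.0.10", "192.168.1.50"):
        for dst in ("mail.yahoo.com", "games.example", "www.example.org"):
            print(src, dst, decide(ORIGINAL, src, dst), decide(WITH_EXCEPTION, src, dst))
```

Moving the exception line below "deny banned" makes it unreachable for any host that is also in the banned list, which is why it has to come first.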