On Tuesday 20 December 2005 12:17, M.K. tenNapel wrote:
> My boss asked me to put all network-IP's into certain groeps
> and that determine the acces each group should allowed to have.
> The problem is that this list is rather large. I could just place
> all Ip's on 1 line in /etc/squid/squid.conf, like this:
>
> acl Group_MaxAllowed src 192.168.1.5 192.168.1.6 192.168.1.7 etc etc
>
> but this would make myconfiguration file messy and difficult to
> maintain. So I tried this:
>
> acl Group_MaxAllowed src 192.168.1.5 #Da Boss
> 192.168.1.6 #My IP
> 192.168.1.7 # Some other IP
>
> But squid did not like that. I even tried to put all the IP that should
> be in that specific group into a textfile and put something like this in
> squid.conf:
>
> acl Group_MaxAllowed url_regex "/path/to/ip-list"
> acl Group_MaxAllowed src_regex "/path/to/ip-list"
>
> But Squid didn't like that either. So, could someone give me some
> examples to do this as efficiend and nice as possible?
The mistakes in the above example:
- you redefine the Group_MaxAllowed (ACLs need unique names)
- you don't use the ACLs (in a "http_access" statement)
- URLs and Source-IPs are different types
- you refer to the same files for IPs and URLs
So a (hopefully) working example for your case:
====
acl Src_MaxAllowed src "/path/to/ip-list"
acl Url_MaxAllowed url_regex "/path/to/url-list"
http_access allow Src_MaxAllowed Url_MaxAllowed
http_access deny
====
ip-list:
====
192.168.1.0/24
10.0.0.154
10.5.1.58
====
url-list:
====
^http://www\.vivisimo\.com/
^http://www\.google\.com/
====
Please read about how ACLs working the documentation. And my favorite wiki
link: http://workaround.org/moin/HowSquidAclsWork
Instead of "url_regex" you should check if a "dstdomain" type ACL is suited
better.
Christoph
-- ~ ~ ".signature" [Modified] 2 lines --100%-- 2,41 AllReceived on Tue Dec 20 2005 - 04:49:03 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 31 2005 - 12:00:02 MST