RE: [squid-users] ACL lists

From: Garry D. Chapple <garryc@dont-contact.us>
Date: Wed, 12 Mar 2008 07:41:58 +0930

Thanks Saul,

It works a treat mate and thanks again for a quick response.

Regards,

Garry Chapple

-----Original Message-----
From: saul waizer [mailto:swaizer@hoodiny.com]
Sent: Wednesday, 12 March 2008 5:24 AM
To: squid-users@squid-cache.org
Cc: Garry D. Chapple
Subject: RE: [squid-users] ACL lists

Garry,

Here are some examples I prepared for you:

acl badguys src 6.0.0.0/8
acl badguys2 src 2.0.0.0/8
acl intruder src 10.10.10.16
acl workstation src 10.10.10.19
acl our_networks src 192.168.1.0/24

http_access deny badguys
http_access deny badguys2
http_access deny intruder
http_access allow workstation
http_access allow our_networks

http_access deny all

Brief explanation on these ACL's:

I use a general acl called badguys to prevent access from an entire
network class, i.e. someone doing a DoS attack on your network from
multiple IPs on the same class.

Intruder: A kid with a script trying to use your squid coming from the
same IP (your question about denying a single host).

The rest is self explanatory, you can call the acl's whatever you want.

After an acl you must have a rule matching the ACL name, so here is
where you either allow or deny access based on your ACL's, see the
http_access "allow or deny" above.

Last, but also the most important, at the end of all your ACL's put
"http_access deny all" so you can secure your installation based on your
newly created ACL's

Hope it helps
Saul Waizer
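
An added example, not part of the original posts or of Squid itself: a small Python model of how the http_access lines above are evaluated in order, with the first matching line deciding the request. It handles only `src` ACLs, treats `all` as a match-all ACL (an assumption), and uses a constructed ACL name `blockedhost` and address 192.168.1.50 to show why a deny for a single host inside our_networks has to come before the allow.

```python
import ipaddress
# Configuration exactly as posted in the message above.
PAGE_CONF = """
acl badguys src 6.0.0.0/8
acl badguys2 src 2.0.0.0/8
acl intruder src 10.10.10.16
acl workstation src 10.10.10.19
acl our_networks src 192.168.1.0/24
http_access deny badguys
http_access deny badguys2
http_access deny intruder
http_access allow workstation
http_access allow our_networks
http_access deny all
"""
# Constructed variants: 'blockedhost' and 192.168.1.50 are hypothetical.
BASE = "acl our_networks src 192.168.1.0/24\nacl blockedhost src 192.168.1.50\n"
ALLOW_FIRST = BASE + "http_access allow our_networks\nhttp_access deny blockedhost\nhttp_access deny all\n"
DENY_FIRST = BASE + "http_access deny blockedhost\nhttp_access allow our_networks\nhttp_access deny all\n"

def parse(conf):
    """Return ({acl name: [networks]}, [(action, [acl names])]) for 'src' ACLs."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # assumed match-all ACL
    rules = []
    for line in conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 4 and f[0] == "acl" and f[2] == "src":
            acls.setdefault(f[1], []).extend(
                ipaddress.ip_network(a, strict=False) for a in f[3:])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return acls, rules

def decide(conf, client):
    """First http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    def hit(name):  # a leading '!' negates an ACL name
        return any(ip in n for n in acls[name.lstrip("!")]) != name.startswith("!")
    for action, names in rules:
        if all(hit(n) for n in names):
            return action, " ".join(names)
    # No line matched: opposite of the last line's action (deny if no lines).
    last = rules[-1][0] if rules else "allow"
    return ("allow" if last == "deny" else "deny"), "(default)"

if __name__ == "__main__":
    for conf, ip in [(PAGE_CONF, "10.10.10.16"), (ALLOW_FIRST, "192.168.1.50"), (DENY_FIRST, "192.168.1.50")]:
        print(ip, decide(conf, ip))
```

With the allow line first, 192.168.1.50 is admitted by our_networks and the later deny is never reached; with the deny line first it is blocked.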

-----Original Message-----
From: Garry D. Chapple [mailto:garryc@compdyna.tzo.com]
Sent: Monday, March 10, 2008 8:27 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ACL lists

Hi,

I am a complete Squid newb with my first install done only yesterday,
2.6 stable(18). Can someone please help with basic ACL config for
network IP's, I would like to allow my local network and restrict just
one or two hosts by IP address. I have Googled a little but as there are
so many ACL configurations it's difficult to know which one works!

Squid is up and running well and I have an ACL to allow my local network
(acl our_networks src 192.168.1.0/24) but how do I then deny access to
just a single host IP? Any examples or good web sites with these kinds
of examples would be much appreciated.

Regards,

Garry C

Received on Tue Mar 11 2008 - 16:14:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT