RE: [squid-users] acl deny versus acl allow? from Roger Thomas on 2008-11-18 (squid-users)

From: Roger Thomas <roger.e.thomas_at_googlemail.com>
Date: Tue, 18 Nov 2008 08:17:38 -0000

Hi,
Ok, well you were all right! Unfortunately I didn't know that the allow acl
had to be above the deny.

Ive used this and it works like a charm.

acl misc_allow_list url_regex -i "/etc/squid/block/misc_allow.list"
http_access allow misc_allow_list

acl misc_block_list url_regex -i "/etc/squid/block/misc_block.list"
http_access deny misc_block_list

Thanks all!

Roger

-----Original Message-----
From: Jeff Gerard [mailto:mysubscriptions_at_shaw.ca]
Sent: 18 November 2008 07:31
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] acl deny versus acl allow?

My apologies...I misinterpreted what you said. I thought you meant "deny"
should not be used at all....

----- Original Message -----
From: Amos Jeffries
Date: Monday, November 17, 2008 9:33 pm
Subject: Re: [squid-users] acl deny versus acl allow?
To: Jeff Gerard
Cc: squid-users_at_squid-cache.org

> Jeff Gerard wrote:<BR>> > Can you clarify this? I have looked through the
FAQ and there
> is plenty of reference to using "deny" and I can't see any
> mention of replacing "deny" with "allow".
> >
>
> You can write either:
> http_access deny something
> or
> http_access allow something
>
> not both on the same line.
>
> To quote straight from that FAQ page:
> "
> Q: How do I allow my clients to use the cache?
> A: Define an ACL that corresponds to your client's IP addresses.
> Next, allow those clients in the
> http_access list.
>
> For example:
> acl myclients src 172.16.5.0/24
> http_access allow myclients
> "
>
> and more relevant to your stated example:
>
> "
> Q: How do I implement an ACL ban list?
> A: ..., Another way is to deny access to specific servers which
> are
> known to hold recipes.
>
> For example:
> acl Cooking2 dstdomain www.gourmet-chef.com
> http_access deny Cooking2
> http_access allow all
> "
>
> Amos
>
> > Thanks
> >
> >> The word 'deny' is fully replaced with the word
> 'allow'.
>
> >> Please read and understand the FAQ on ACL before continuing
> with
> >> your
> >> testing:
> >> http://wiki.squid-cache.org/SquidFaq/SquidAcl
> >>
> >> Amos
> >> --
> >> Please be using
> >> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
> >> Current Beta Squid 3.1.0.2
> >>
> >
> > ---
> > Jeff Gerard
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
> Current Beta Squid 3.1.0.2
>

---
Jeff Gerard
Received on Tue Nov 18 2008 - 08:17:50 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 18 2008 - 12:00:03 MST