Re: [squid-users] ACLs

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 02 Apr 2009 23:37:36 +1300

Merdouille wrote:
> Hi
>
> I use a transparent Squid proxy and I want:
> - access as manager with squidclient from localhost only

== http_access allow manager localhost

> - allow only computer from localhost to go everywhere

== http_access allow localhost

>

These ACLs you ask about are the basic default install configuration for
Squid.
Please see squid.conf.default for the rest of the critical security
settings you need to be using,
or as listed in the demo 3.1 config at:
http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid

Amos

> My ACLs :
> #============== ACL
> # nom type
> acl all src all
> acl port port 82
> acl localnet src 192.168.100.0/192.168.100.255

"192.168.100.255" is not a valid network mask.

Please use:
   192.168.100.0/24

> acl manager proto cache_object
> acl PROTO proto http
> acl METHOD method GET
> acl localhost src 127.0.0.1
>
> I try :
>
> http_access allow localhost manager
> http_access allow localnet port !manager
> http_access deny all !port !PROTO !METHOD
>
> but manager can access from every IP of localnet
> I try :
>
> http_access allow localnet port !manager
> http_access deny all !port !PROTO !METHOD
> http_access allow localhost manager
> http_access deny !localhost !manger
>
> but it blocks every request from client

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Thu Apr 02 2009 - 10:37:46 MDT
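
Added example (not part of the original thread, and not Squid's own code): a small Python check for the mask problem pointed out in the reply above. It scans `acl NAME src` lines for dotted masks that are not valid network masks and, as a heuristic assumption, suggests a CIDR block when the "mask" looks like the last address of a range. The function names and the `fixednet`/`dotted` sample ACLs are constructed for illustration.

```python
import ipaddress

# First two ACL lines are from the post; "fixednet" and "dotted" are constructed.
SAMPLE_CONF = """\
acl all src all
acl localnet src 192.168.100.0/192.168.100.255
acl fixednet src 192.168.100.0/24
acl dotted src 192.168.100.0/255.255.255.0
"""

def mask_problem(value):
    """Return None if an IPv4 'addr/mask' value has a usable mask, else a message."""
    addr_s, sep, mask_s = value.partition("/")
    if not sep:
        return None                       # single address or keyword such as "all"
    addr = ipaddress.IPv4Address(addr_s)  # ValueError on forms not handled here
    if mask_s.isdigit():
        return None if int(mask_s) <= 32 else f"prefix length /{mask_s} is out of range"
    mask = ipaddress.IPv4Address(mask_s)
    inverted = int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1) == 0:    # mask is 1-bits followed only by 0-bits
        return None
    msg = f"{mask_s} is not a valid network mask"
    # Assumption: a "mask" above the address was meant as the end of a range.
    if mask > addr:
        nets = list(ipaddress.summarize_address_range(addr, mask))
        if len(nets) == 1:
            msg += f"; did you mean {nets[0]}?"
    return msg

def lint_src_acls(conf_text):
    """Return (line number, acl name, message) for each bad mask on 'acl ... src' lines."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for value in fields[3:]:
            try:
                problem = mask_problem(value)
            except ValueError:
                continue                  # ranges, IPv6, file includes: not checked
            if problem:
                findings.append((lineno, fields[1], problem))
    return findings

if __name__ == "__main__":
    for lineno, name, problem in lint_src_acls(SAMPLE_CONF):
        print(f"line {lineno}: acl {name}: {problem}")
```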
