Re: [squid-users] Squid Multiple ACL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 16 Sep 2009 17:53:30 +1200

ScarEye wrote:
> Squid is installed on an embedded device. With 16MB of RAM and 8MB of PROM it
> would fill up within a few seconds.

Cool.
   One of my long- to medium-term objectives is to make it easy to build
a slimline Squid for these types of environment. Are you able to share
the build options and patches you used to get Squid to run in less than
16MB of RAM?

>
> We have this one computer that needs access to 3 websites that I don't want
> 192.168.1.2-192.168.1.10 to have access to. The IP of that device will be
> 192.168.1.60 how would I create a separate ACL for that device that won't
> interfere with 192.168.1.2-192.168.1.10.
>

acl specialWebsite dstdomain .website.example.com
acl specialSrc src 192.168.1.60

adding:
   http_access allow specialSrc specialWebsite
   http_access deny specialWebsite

above the "# users" part of your config.

Amos

> Thanks for your time
>
> ScarEye
>
>
>
> Amos Jeffries-2 wrote:
>>
>> So....
>>
>> On Tue, 15 Sep 2009 10:39:11 -0700 (PDT), ScarEye <scareye_at_gmail.com>
>> wrote:
>>> #Squid Config Stuff
>>> cache_access_log none
>>> cache_store_log none
>>> cache_log /dev/null
>> That log is where you find out what critical and important system errors
>> are happening.
>> So you as administrator can fix them.
>>
>>> cache_effective_user nobody
>>> cache_dir null /dev/null
>>> http_port 3128 transparent
>>> pid_filename /var/run/squid.pid
>>> visible_hostname router
>>> # Supervisors With Unlimited Access
>>> ## Match by MAC
>>> acl supmac arp "/etc/mac.txt"
>>> http_access allow supmac
>>> http_reply_access allow supmac
>>> ## Match By IP
>>> acl supip src "/etc/supip.txt"
>>> http_access allow supip
>>> http_reply_access allow supip
>>> # users
>>> acl users src 192.168.1.2-192.168.1.10
>>> acl allowedsites dstdomain "/etc/squid/acl/acl"
>>> http_access allow allowedsites users
>>> http_access deny !allowedsites users
>>> deny_info http://www.my-site.com/ users
>>> http_reply_access allow users
>>> # Safe Ports
>>> acl Safe_ports port 80 21 443 563 70 210 1025-65535
>>> http_access deny !Safe_ports
>>> # Not Safe Ports
>>> acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
>>> http_access deny Dangerous_ports
>>> # Anyone Not Already Matched
>>> acl all src 0.0.0.0/0.0.0.0
>>> http_access deny all
>>>
>>> So the above rules work perfectly, they do exactly what I need for it to do.
>>> Now,
>>> what I need to do is the following.
>>>
>>> Add a rule to allow an IP 192.168.1.60 to look at a different acl. Like
>>> acl2
>>> or something.
>> ... huh?
>>
>>
>>
>> Amos
>>
>>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
   Current Beta Squid 3.1.0.13
Received on Wed Sep 16 2009 - 05:53:40 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 17 2009 - 12:00:02 MDT
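
The rule ordering advised in the message above, modelled as an added example (not part of the original message and not Squid's own code): a small Python simulation of http_access first-match evaluation. It assumes the supervisor rules are left out, and the contents of the allowedsites list are constructed for the illustration.

```python
import ipaddress

def src(*ranges):
    """Squid 'src' ACL: client IP inside any 'first-last' range (inclusive)."""
    # A single address "a" is treated as the range a-a.
    spans = [tuple(ipaddress.ip_address(p) for p in (r.split("-") * 2)[:2]) for r in ranges]
    return lambda req: any(lo <= ipaddress.ip_address(req["client"]) <= hi for lo, hi in spans)

def dstdomain(*names):
    """Squid 'dstdomain' ACL: a leading dot matches the domain and its subdomains."""
    def match(req):
        host = req["host"].lower()
        for n in names:
            if n.startswith(".") and (host == n[1:] or host.endswith(n)):
                return True
            if host == n:
                return True
        return False
    return match

ACLS = {
    "specialWebsite": dstdomain(".website.example.com"),
    "specialSrc": src("192.168.1.60"),
    "users": src("192.168.1.2-192.168.1.10"),
    # Constructed list contents; it deliberately overlaps the special site.
    "allowedsites": dstdomain(".allowed.example.org", ".website.example.com"),
    "all": lambda req: True,
}

# http_access lines in config order, special rules placed above "# users".
HTTP_ACCESS = [
    ("allow", ["specialSrc", "specialWebsite"]),
    ("deny", ["specialWebsite"]),
    ("allow", ["allowedsites", "users"]),
    ("deny", ["!allowedsites", "users"]),
    ("deny", ["all"]),
]

def check(client, host, rules=HTTP_ACCESS):
    """Return the action of the first rule whose ACLs all match (AND)."""
    req = {"client": client, "host": host}
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With the special rules moved below the users rules, a user address reaches the special site whenever the allowedsites list also matches it, which is why the placement above "# users" matters.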