Re: [squid-users] http_access rule with multiple conditions?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 03 Jun 2013 15:49:38 +1200

On 3/06/2013 8:51 a.m., joel123 wrote:
> On my network, I've got IM clients and games that connect to numeric IPs.
>
> I use a rule to always allow a specific network to connect to numeric IPs:
>
> acl ipdomain url_regex ^[^:]*://([^/@]*@)?[0-9\.]*(:|/|$|\?) ^[0-9\.]*$
> http_access allow limited_net ipdomain
>
> But these clients also make CONNECT requests to these numeric IPs at port 80
> and 443.
>
> I can control CONNECT with
> http_access deny CONNECT !CONNECT_ports
>
> but how can I control CONNECT for a specific network?
> i.e.:
>
> http_access allow connect_allowed_net CONNECT CONNECT_ports

Yes, exactly like your example.

Have you read the FAQ yet where it explains how access controls work?
http://wiki.squid-cache.org/SquidFaq/SquidAcl

> Ultimately, can I say, allow limited_net to make CONNECT requests to
> specific PORTs to numeric IPs.
>
> something like:
> http_access allow limited_net CONNECT CONNECT_ports
>
> Any way to achieve that?

Yes. Exactly as you wrote above.

However, where you place that in your config file matters. The
http_access controls are an order-dependent sequence of security
permissions tested for the request. The documentation of how they work
under the "Access Lists" section of the wiki FAQ article I linked to
explains all that.

Amos
Received on Mon Jun 03 2013 - 03:49:45 MDT
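
The order dependence described in the reply above, as an added example that is not part of the original thread and not Squid's own code: a simplified Python model of first-match http_access evaluation, where a request is reduced to the set of ACL names it satisfies. The two rule sets, including the bare `allow limited_net` line, are constructed for illustration.

```python
# Added example: simplified model of Squid http_access evaluation.
# Assumption: ACL matching itself is abstracted away; each request is
# given as the set of ACL names it would match.

def parse_rules(conf):
    """Parse 'http_access allow|deny acl ...' lines, keeping file order."""
    rules = []
    for line in conf.splitlines():
        parts = line.split('#', 1)[0].split()
        if len(parts) >= 3 and parts[0] == 'http_access':
            if parts[1] not in ('allow', 'deny'):
                raise ValueError('bad action: ' + parts[1])
            rules.append((parts[1], parts[2:]))
    return rules

def decide(rules, matched):
    """Return (action, line_index) for the first line whose ACLs all match."""
    if not rules:
        raise ValueError('no http_access lines')
    matched = set(matched) | {'all'}  # the 'all' ACL matches every request
    for i, (action, acls) in enumerate(rules):
        # ACLs on one line are ANDed; a leading '!' negates an ACL.
        if all((a[1:] not in matched) if a.startswith('!') else (a in matched)
               for a in acls):
            return action, i
    # No line matched: the default is the opposite of the last line's action.
    return ('deny' if rules[-1][0] == 'allow' else 'allow'), None

# Constructed rule set: port restriction first, then the narrow allows.
ORDERED = parse_rules("""
http_access deny CONNECT !CONNECT_ports
http_access allow limited_net CONNECT CONNECT_ports
http_access allow limited_net ipdomain
http_access deny all
""")

# Constructed rule set: a broad allow placed first shadows the port check.
SHADOWED = parse_rules("""
http_access allow limited_net
http_access deny CONNECT !CONNECT_ports
http_access allow limited_net CONNECT CONNECT_ports
http_access deny all
""")

# Constructed requests, named by what they represent.
TUNNEL_443 = {'limited_net', 'CONNECT', 'CONNECT_ports'}
TUNNEL_25 = {'limited_net', 'CONNECT'}         # port not in CONNECT_ports
OTHER_NET_443 = {'CONNECT', 'CONNECT_ports'}   # client outside limited_net
```

Comparing `decide(ORDERED, TUNNEL_25)` with `decide(SHADOWED, TUNNEL_25)` shows the same CONNECT request denied by the port rule in one file and allowed by the earlier broad line in the other.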
