[geeks] Squid ACL question
Bill Bradford
mrbill at mrbill.net
Fri Oct 21 13:09:19 CDT 2005
I'm trying to set up Squid so that only certain IPs can use it, and then
only to certain (explicitly named) web sites - everything else is
denied. However, I'm having trouble with the ACLs. Anybody got a clue?
Here's the first config I tried (IP range blanked out):
acl first_networks src xxx.yyy.0.0/255.255.0.0
acl second_networks src xxx.yyy.104.0/255.255.255.0
acl safe_sites dstdomain .microsoft.com .borland.com .sun.com .hp.com .compaq.com .dell.com .redhat.com .symantec.com .winzip.com .adobe.com .cisco.com .intel.com .broadcom.com .3com.com
http_access allow localhost first_networks second_networks safe_sites
http_access deny all
http_reply_access allow safe_sites
http_reply_access deny all
But that didn't work (denies everything). So, I tried this next:
acl first_networks src xxx.yyy.0.0/255.255.0.0
acl second_networks src xxx.yyy.104.0/255.255.255.0
acl safe_sites1 dstdomain .microsoft.com .borland.com .sun.com .hp.com
acl safe_sites2 dstdomain .compaq.com .dell.com .redhat.com .symantec.com
acl safe_sites3 dstdomain .winzip.com .adobe.com .cisco.com .intel.com
acl safe_sites4 dstdomain .broadcom.com .3com.com
http_access allow localhost first_networks second_networks
http_access allow safe_sites1 safe_sites2 safe_sites3 safe_sites4
http_access deny all
http_reply_access allow all
Same result, everything's denied. Any ideas?
I can do this, and stuff gets through, but then I can't limit what sites
the proxy users can visit:
acl first_networks src xxx.yyy.0.0/255.255.0.0
acl second_networks src xxx.yyy.104.0/255.255.255.0
http_access allow localhost first_networks second_networks
http_access deny all
http_reply_access allow all
Thanks.
Bill
--
Bill Bradford
Houston, Texas
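
Added example, not part of the original post and not Squid's own code: a small Python model of how Squid evaluates http_access, where every ACL named on one line must match (AND) and the lines are tried in order until the first match (OR). The 10.1.x.x ranges are constructed stand-ins for the blanked-out ranges, the localhost ACL definition is assumed, and safe_sites is shortened.

```python
import ipaddress

# Constructed stand-ins: 10.1.x.x replaces the blanked-out ranges, the
# localhost ACL is assumed, and safe_sites is shortened to three domains.
ACLS = """
acl localhost src 127.0.0.1/255.255.255.255
acl first_networks src 10.1.0.0/255.255.0.0
acl second_networks src 10.1.104.0/255.255.255.0
acl safe_sites dstdomain .microsoft.com .redhat.com .cisco.com
"""
POSTED = ACLS + """
http_access allow localhost first_networks second_networks safe_sites
http_access deny all
"""
FIXED = ACLS + """
http_access allow localhost safe_sites
http_access allow first_networks safe_sites
http_access allow second_networks safe_sites
http_access deny all
"""

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for tok in (line.split() for line in conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client, host):
    """Values inside a single acl are alternatives: any one may match."""
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":  # a leading dot also matches subdomains
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError("acl type not modelled: " + kind)

def http_access(conf, client, host):
    """Return the action of the first rule whose ACLs ALL match."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client, host) for n in names):
            return action
    return "deny"  # not reached here: both rule sets end in "deny all"
```

In this model the posted allow line can never match, because no client address is in localhost and first_networks at the same time. A line naming safe_sites1 through safe_sites4 together fails the same way, since one hostname cannot be in four disjoint domain lists at once.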