RE: [squid-users] Http access control

From: Sivakumar R <uramsi01@dont-contact.us>
Date: Mon, 11 Mar 2002 10:55:47 +0530

Hi Newbie,

Duplicate acl's won't be a problem. I have got a similar setup and it works
perfectly. I agree with the other 2 (subnet & deny).

Siva.

-----Original Message-----
From: newbie [mailto:trykde@rogers.com]
Sent: Monday, March 11, 2002 10:44 AM
To: Su -
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Http access control

My guess:

1. duplicated acl names (allowed_hosts)
2. wrong netmask
3. didn't end with "deny"

Here is my try:

acl all_hosts src 0.0.0.0/0.0.0.0
acl allowed_host1 src 192.168.0.4/255.255.255.255
acl allowed_host2 src 192.168.0.20/255.255.255.255

http_access allow allowed_host1
http_access allow allowed_host2
http_access deny all_hosts

Hope this works,

-newbie

Su - wrote:
> Hi
> I using Squid v2.3. Now i like to control only certain
> PCs, eg. PC with Ip Address of 192.168.0.4 ,
> 192.168.0.20 are allowed to access Internet. My
> network IP address is from 192.168.0.1 -> 192.168.0.50
> , Subnet 255.255.255.0
>
> How can i do so ?
>
> I tried this way :
>
> #acl allowed_hosts src 192.168.0.0/255.255.255.0
> acl allowed_hosts src 192.168.0.4/255.255.255.0
> acl allowed_hosts src 192.168.0.20/255.255.255.0
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow allowed_hosts
> #http_access allow manager localhost
> #http_access deny manager
> http_access allow !Safe_ports
> http_access allow CONNECT !SSL_ports
>
> But when i test , still all PCs able to do so. The
> result i got, is either deny all PCs, or allow all
> pCs.
>
> Please advice
>
> TQ
> regards
> Su
Received on Sun Mar 10 2002 - 22:28:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:49 MST