Re: [squid-users] Another ACL Question

From: Simon White <simon@dont-contact.us>
Date: Fri, 5 Apr 2002 18:09:11 +0000

05-Apr-02 at 20:01, Henrik Nordstrom (hno@marasystems.com) wrote :
> For simplicity and readability I tend to use the same acl names as what they
> match when matching individual protocols or methods.

Fair point. I tend to be more flippant on list recommendations than in my
own squid.conf files. I was also worried about having an acl which is also
the name of a method or protocol.

> http_access allow ftp_put_only FTP PUT
> http_access deny ftp_put_only
>
> will allow the user listed as ftp_put_only to use FTP to PUT files, but deny
> him any other uses of the proxy. (rather stupid rule.. the user will not be
> able to retreive FTP directory listings, surf the web or any other actions...)

Oops. Should have thought more about that last rule.

> It also allows for more interesting constructs like
>
> acl allowed_to_put src 192.168.0.4
> http_access deny FTP PUT !allowed_to_put
>
> [before your first "http_access allow" rule]
>
> This will deny FTP PUT to all users except those listed in allowed_to_put.
>
> And so on.

The rest is left, then, to the reader, to cook up the full list needed. As
has been said before, it is no use to provide a fully working example
because you don't learn anything by copy-pasting. That's why I leave
mistakes in ;-) hehe.

-- 
[Simon White. vim/mutt. simon@mtds.com. GIMPS:61.69% see www.mersenne.org]
It's amazing how some people can put their foot in their mouth with their
head so far up their ass.
[Linux user #170823 http://counter.li.org. Home cooked signature rotator.]
Received on Fri Apr 05 2002 - 11:09:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:23 MST