Re: [squid-users] Squid Multiple ACL

From: ScarEye <scareye_at_gmail.com>
Date: Thu, 17 Sep 2009 10:52:43 -0700 (PDT)

I will give the suggestion below a try, thank you for your time. I am
running OpenWRT which has squid. What I acutally did was download the trunk
for OpenWRT and modified the Makefile so that I won't need to store log
files. I believe the switch I used was --enable-storeio=null \ then just
complile the image for your platform depending on what hardware your running
and your good to go. If you have other questions let me know.

Thanks,
ScarEye

Amos Jeffries-2 wrote:
>
> ScarEye wrote:
>> Squid is installed on an embedded device, With 16MB of RAM and 8MB of
>> PROM it
>> would fill up within a few seconds.
>
> Cool.
> One of my long- to medium-term objectives is to make it easy to build
> a slimline Squid for these types of environment. Are you able to share
> the build options and patches you used to get Squid to run in less than
> 16MB of RAM?
>
>>
>> We have this one computer that needs access to 3 websites that I don't
>> want
>> 192.168.1.2-192.168.1.10 to have access to. The IP of that device will be
>> 192.168.1.60 how would I create a seperate ACL for that device that won't
>> interfere with 192.168.1.2-192.168.1.10.
>>
>
> acl specialWebsite dstdomain .website.example.com
> acl specialSrc src 192.168.1.60
>
> adding:
> http_access allow specialSrc specialWebsites
> http_access deny specialWebsites
>
> above the "# users" part of your config.
>
> Amos
>
>> Thanks for your time
>>
>> ScarEye
>>
>>
>>
>> Amos Jeffries-2 wrote:
>>>
>>> So....
>>>
>>> On Tue, 15 Sep 2009 10:39:11 -0700 (PDT), ScarEye <scareye_at_gmail.com>
>>> wrote:
>>>> #Squid Config Stuff
>>>> cache_access_log none
>>>> cache_store_log none
>>>> cache_log /dev/null
>>> That log is where you find out what critical and important system errors
>>> are happening.
>>> So you as administrator can fix them.
>>>
>>>> cache_effective_user nobody
>>>> cache_dir null /dev/null
>>>> http_port 3128 transparent
>>>> pid_filename /var/run/squid.pid
>>>> visible_hostname router
>>>> # Supervisors With Unlimited Access
>>>> ## Match by MAC
>>>> acl supmac arp "/etc/mac.txt"
>>>> http_access allow supmac
>>>> http_reply_access allow supmac
>>>> ## Match By IP
>>>> acl supip src "/etc/supip.txt"
>>>> http_access allow supip
>>>> http_reply_access allow supip
>>>> # users
>>>> acl users src 192.168.1.2-192.168.1.10
>>>> acl allowedsites dstdomain "/etc/squid/acl/acl"
>>>> http_access allow allowedsites users
>>>> http_access deny !allowedsites users
>>>> deny_info http://www.my-site.com/ users
>>>> http_reply_access allow users
>>>> # Safe Ports
>>>> acl Safe_ports port 80 21 443 563 70 210 1025-65535
>>>> http_access deny !Safe_ports
>>>> # Not Safe Ports
>>>> acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
>>>> http_access deny Dangerous_ports
>>>> # Anyone Not Already Matched
>>>> acl all src 0.0.0.0/0.0.0.0
>>>> http_access deny all
>>>>
>>>> So the above rules work perfectly, they do exactly I need for it to do.
>>>> Now,
>>>> what I need to do is the following.
>>>>
>>>> Add a rule to allow an IP 192.168.1.60 to look at a different acl. Like
>>>> acl2
>>>> or something.
>>> ... huh?
>>>
>>>
>>>
>>> Amos
>>>
>>>
>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
> Current Beta Squid 3.1.0.13
>
>

-- 
View this message in context: http://www.nabble.com/Squid-Multiple-ACL-tp25458501p25492202.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu Sep 17 2009 - 17:52:50 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 18 2009 - 12:00:03 MDT