[buug] squid
johnd
john at jjdev.com
Tue Oct 14 12:26:07 PDT 2003
thanks, I got it to do what I need
I had the acl upside down
On Tue, Oct 14, 2003 at 12:25:20PM -0700, James Howard wrote:
> John,
>
> The default squid.conf file is very well commented. Check out the tagged
> acl section for the conventions allowed for host specification. Note, IP's
> and networks need to specified with subnet mask (either long or short form
> will do). If a domain name is instead given, it will be resolved by
> reverse lookup.
>
> src and srcdomain refer to the client which makes the url request to the
> proxy server. dst and dstdomain refer to the url request itself.
>
> acl myNet src 192.168.165.0
> > fix this by adding subnet mask
> acl badlist dstdomain jjdev.com
> > needs leading dot assuming jjdev.com is many hosts
> acl badIPs dst 66.74.136.240
> > needs subnet mask
>
> acls can be additive...
>
> acl badguys dstdomain .doubleclick.com
> acl badguys dstdomain .fastclick.com
> acl badguys dst 192.168.1.0/24
>
> all specify what "badguys" matches.
>
> As for access...
>
> http_access deny badlist
> > request for url's specified in badlist will not be served, regardless
> of where they come from.
> http_access deny badIPs
> > same here.
> http_access allow myNet
> > allow requests from my net
> http_access deny all
> > deny everything that hasn't been matched...
>
> On that last note, realize that access works on a first match basis. Once
> a match is found, we exit the chain.
>
> -Jim
More information about the buug
mailing list