Re: ACL to protect internal webservers ?

From: <[email protected]>
Date: Fri, 26 Jun 1998 15:54:02 +0200

Meanwhile, I tried to replace "acl xxx domain" by "acl src", which may be
smarter, anyway. Sice I use "src", it works fine. Now the acl only refers
to the cache clients and does not match the cache content any more.

Bug or feature ?

-Jan

squid-users@ircache.net am 26.06.98 13:41:22

An: squid-users@ircache.net
Kopie: (Blindkopie: Jan Schreiber/EDV/Spiegel)
Thema: ACL to protect internal webservers ?

I try to use Squid 1.0.22 on FreeBSD 2.2.2-RELEASE. Inside squid.conf, I
define an ACL for the hosts in my domain. I grand http_access to this acl,
and deny http_access to anyone else:
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl CONNECT method CONNECT
acl santaclaus domain santaclaus.com
http_access allow manager santaclaus
http_access deny manager
http_access allow santaclaus
http_access deny all
since I dont want hosts outside my domain to access the cache *and use it
to see the
internal webservers*. This does not work. External hosts cannot use the
cache for external URL's,
but *can* access internal webservers at .santaclaus.com.
I don't know any more parameters for the http_access statement.
I could not learn the answer to this from the FAQ.
Thank you for any hints.
Received on Fri Jun 26 1998 - 06:56:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:51 MST