Re: restrict hosts to particular domains

From: Joel Taqueban <[email protected]>
Date: Wed, 03 May 2000 20:21:16 +0800

Thanks for the reply,

I've tried making changes to the ACLs. Here is my complete list:

     acl all src 0.0.0.0/0
     acl ldap proxy_auth REQUIRED
     acl allowedsites dstdomain dhl.com
     acl allowedhosts src 199.40.218.10-15
     acl allowedtime time S M T W H F A 06:00-21:00

     http_access allow ldap
     http_access allow allowedhosts allowedsites
     http_access allow allowedtime
     http_access deny all

I did squid -k reconfigure, but those IPs could still access non-DHL
sites.
And when I look into the cache.log file I can't see any warnings about
missing ACL declarations after re-reading the Squid conf file. I even
did a "squid --" and it doesn't return anything about missing ACLs.

Anything or anywhere I need to check please?

Joel

Henrik Nordstrom wrote:

> alowe@hislora.com.au wrote:
> >
> > try this modified stuff:
> >
> > > How do I define on my squid.conf file to restrict particular IPs to
> > > access only certain domains?
> > >
> > > I've tried doing the ff:
> > >
> > > acl allowedsites dstdomain dhl.com
> > > acl allowedhost src 199.40.218.10-15/255.255.255.0
> > >
> > ># Remove this line--> http_access allow allowedsites
> > > http_access allow allowedhost allowed_sites
> > > http_access deny all
> >
> > the line marked remove is actually allowing the allowedsites to access
> > anything, by just putting the second and third line, you allow them to the
> > allowed_sites but nowhere else...
>
> Not quite.
>
> The first line allows everyone access to the host dhl.com.
>
> The second line is bungled in two ways:
> a) There is no allowed_sites ACL defined
> b) The allowedsites ACL is wrongly defined if your intention is to only
> match those 6 addresses. The netmask masks out the addresses and the ACL
> matches the whole class-C subnet. IP host ranges are better written
> without any netmask.
>
> However, this does not explain the behaviour you are seeing.
>
> Are there any other http_access lines before your "deny all" line?
> Are there any warnings about missing ACL declarations in cache.log when
> Squid is starting up?
> How is the ACL "all" defined? It SHOULD and MUST be defined as
> 0.0.0.0/0, nothing else.
>
> --
> Henrik Nordstrom
> Squid hacker
Received on Wed May 03 2000 - 06:18:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:15 MST
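
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so the order of the lines in the list above decides the outcome. The Python sketch below is an added illustration, not part of the original thread and not Squid's own code; the ACL models are simplified, the sample requests are constructed, and the REORDERED list reflects an assumed intent (the six hosts may reach dhl.com only).

```python
from ipaddress import ip_address

LO, HI = ip_address("199.40.218.10"), ip_address("199.40.218.15")

# Simplified models of the ACLs in the posted list (not Squid's matching code).
ACLS = {
    "all": lambda r: True,
    "ldap": lambda r: r["authenticated"],  # the auth challenge is not modelled
    "allowedsites": lambda r: r["host"] == "dhl.com"
    or r["host"].endswith(".dhl.com"),
    "allowedhosts": lambda r: LO <= ip_address(r["src"]) <= HI,
    "allowedtime": lambda r: 6 <= r["hour"] < 21,
}

# http_access lines exactly as posted, in order.
POSTED = [
    ("allow", ["ldap"]),
    ("allow", ["allowedhosts", "allowedsites"]),
    ("allow", ["allowedtime"]),
    ("deny", ["all"]),
]

# Assumed intent: a deny line for the six hosts is evaluated before any allow.
REORDERED = [("deny", ["allowedhosts", "!allowedsites"])] + POSTED


def acl_matches(name, req):
    """Evaluate one ACL name; a leading '!' negates it."""
    hit = ACLS[name.lstrip("!")](req)
    return not hit if name.startswith("!") else hit


def evaluate(rules, req):
    """Return (action, line_number) of the first line whose ACLs all match."""
    for number, (action, names) in enumerate(rules, 1):
        if all(acl_matches(n, req) for n in names):
            return action, number
    return "deny", 0  # not reached here: both lists end in "deny all"


def request(src, host):
    """Constructed sample request: authenticated user, 10:00."""
    return {"src": src, "host": host, "authenticated": True, "hour": 10}


if __name__ == "__main__":
    for src, host in [("199.40.218.12", "www.example.com"),
                      ("199.40.218.12", "www.dhl.com"),
                      ("10.0.0.5", "www.example.com")]:
        req = request(src, host)
        print(src, host, evaluate(POSTED, req), evaluate(REORDERED, req))
```

In this model the restricted host's request to a non-DHL site is allowed by line 1 of the posted list, and still by the `allowedtime` line if the `ldap` line is dropped; with the deny line first it is refused before any allow line is reached.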