RE: [squid-users] Howto protect one network using ACL?

From: Yuriy Kuznetsov <[email protected]>
Date: Thu, 10 Jan 2002 16:22:03 +0200

> -----Original Message-----
> From: derix suartyo [mailto:derix@se.fujitsu.co.id]
> Sent: 08 ?????? 2002 ?. 06:46
> To: Colin Campbell
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Howto protect one network using ACL?
>
>
> Dear Mr.Colin,
>
> This is my complete configuration (i refer to your config):
>
> acl localnet10 src 192.168.10.0/255.255.255.0
> acl yahoo url_regex -i ^http://http.msg.yahoo.com
> acl MORNING time MTWHF 08:00-11:59
> acl LUNCH time MTWHF 12:00-12:59
> acl AFTERNOON time MTWHF 13:00-16:59
> acl EVENING time MTWHF 17:00-23:59
> acl MIDNIGHT time MTWHF 00:00-07:59
>
> and the restriction rules:
> http_access deny localnet10 yahoo MORNING
> http_access deny localnet10 yahoo AFTERNOON
> http_access allow localnet10 yahoo LUNCH
> http_access allow localnet10 yahoo EVENING
> http_access allow localnet10 yahoo MIDNIGHT
> http_access allow localnet10
>
I think it is simle... KISS :)))

http_access allow localnet10 !yahoo
http_access allow localnet10 yahoo LUNCH
http_access allow localnet10 yahoo EVENING
http_access allow localnet10 yahoo MIDNIGHT

but I have a question .. What is better

acl yahoo url_regex -i ^http://http.msg.yahoo.com
or
acl yahoo dstdomain http.msg.yahoo.com

I prefer second because url_regex do not have reverse lookup (and not
block IP-s) or I am wrong?

cheers
Received on Thu Jan 10 2002 - 07:23:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:48 MST