Re: [squid-users] Hallo Gang ACL twist

From: Squid Support (Henrik Nordstrom) <[email protected]>
Date: Mon, 22 Apr 2002 13:19:02 +0200

On Monday 22 April 2002 12:02, 'Simon White ' wrote:

> > acl localnet src 192.168.0.0/255.255.0.0
> > acl othernet src 10.0.0.0/255.0.0.0
> > acl othernet2 src 157.157.168.192/255.255.255.192
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl menet src 192.168.16.0/255.255.255.0
> > acl all src 0.0.0.0/0.0.0.0
> > http_access allow localnet
> > http_access allow othernet
> > http_access allow othernet2
> > http_access allow localhost
> > http_access deny menet
> > http_access deny !Safe_ports
> > http_access deny CONNECT
> > http_access deny all
>
> You are already blocking all. Please post what you are seeing in
> your logs which makes you think that 192.168.16.0/24 is accessing
> your cache.

The order is what is important here. You can't deny people access if
you have already allowed them (allow localnet).

I think your http_access rules should read:

 http_access deny menet
 http_access deny !Safe_ports
 http_access deny CONNECT
 http_access allow localnet
 http_access allow othernet
 http_access allow othernet2
 http_access allow localhost
 http_access deny all

-- 
MARA Systems AB, Giving you basic free Squid support
Your source of advanced web reverse proxying solutions
http://www.marasystems.com/producs/
Received on Mon Apr 22 2002 - 05:20:11 MDT
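
The first-match evaluation described in the reply, as an added example that is not part of the original message or of Squid itself: a small Python model that runs both http_access orderings from the thread against sample requests. The ACL definitions are copied from the quoted config; the Safe_ports contents, the function names and the sample client addresses are assumptions made for illustration.

```python
import ipaddress

# src ACLs exactly as quoted in the thread.
NETS = {name: ipaddress.ip_network(spec) for name, spec in {
    "localnet": "192.168.0.0/255.255.0.0",
    "othernet": "10.0.0.0/255.0.0.0",
    "othernet2": "157.157.168.192/255.255.255.192",
    "localhost": "127.0.0.1/255.255.255.255",
    "menet": "192.168.16.0/255.255.255.0",
    "all": "0.0.0.0/0.0.0.0",
}.items()}
SAFE_PORTS = {80, 21, 443}  # assumption: Safe_ports is not defined in the thread

ORIGINAL = """allow localnet
allow othernet
allow othernet2
allow localhost
deny menet
deny !Safe_ports
deny CONNECT
deny all""".splitlines()

REORDERED = """deny menet
deny !Safe_ports
deny CONNECT
allow localnet
allow othernet
allow othernet2
allow localhost
deny all""".splitlines()

def acl_matches(acl, req):
    name = acl.lstrip("!")
    if name == "CONNECT":
        hit = req["method"] == "CONNECT"
    elif name == "Safe_ports":
        hit = req["port"] in SAFE_PORTS
    else:
        hit = ipaddress.ip_address(req["src"]) in NETS[name]
    return hit != acl.startswith("!")  # a leading "!" inverts the match

def http_access(rules, src, method="GET", port=80):
    """Return (action, deciding rule) using first-match-wins evaluation."""
    req = {"src": src, "method": method, "port": port}
    for rule in rules:
        action, acl = rule.split()
        if acl_matches(acl, req):
            return action, rule
    raise AssertionError("unreachable: both lists end in 'deny all'")
```

Calling http_access(ORIGINAL, "192.168.16.5") shows the menet client being let in by "allow localnet" before "deny menet" is ever consulted. The same early allow also shadows the Safe_ports and CONNECT denies for every localnet client in the original order.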
