RE: [squid-users] ACL and localhost problems

From: Andrew Loughnan <[email protected]>
Date: Fri, 9 Aug 2002 09:16:48 +1000

There does not seem to be an allow for your local network.

e.g.

acl localnet src 192.168.0.0/24
http_access allow localnet

Without this you follow the final rule, which is deny all.

-----Original Message-----
From: Calvin Smith [mailto:calvins@csts.org]
Sent: Thursday, 8 August 2002 8:03 AM
To: squid-users@squid-cache.org
Subject: [squid-users] ACL and localhost problems

I have searched the list archives and can not find out why my setup doesn't
seem to work. The problem I am having is I am denied access when I use the
following squid.conf:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
http_access allow localhost
#
http_access deny all

If I remove the localhost and allow all or if I add authentication and only
allow authenticated users everything works OK.
I am running this on FreeBSD 4.4 and squid 2.4. I think I must be missing
something simple and so maybe another set of eyes will see it.

Thanks
Received on Thu Aug 08 2002 - 17:15:47 MDT
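
Added example, not part of either message: a small Python model of Squid's first-match http_access evaluation, run over a trimmed copy of the posted rules and over the same rules with the reply's localnet lines added. The client address 192.168.0.25 and the helper names are constructed for illustration, and only the src and port ACL types are modelled.

```python
import ipaddress

# Constructed subset of the squid.conf from the thread (manager/CONNECT rules omitted).
POSTED = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 21 443 563 1025-65535
http_access deny !Safe_ports
http_access allow localhost
http_access deny all
"""
# Same rules with the reply's suggestion placed before the final deny.
FIXED = POSTED.replace("http_access deny all",
    "acl localnet src 192.168.0.0/24\nhttp_access allow localnet\nhttp_access deny all")

def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":  # repeated names accumulate values (OR)
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, src, port):
    kind, values = acl
    if kind == "src":
        return any(ipaddress.ip_address(src) in ipaddress.ip_network(v) for v in values)
    if kind == "port":
        ranges = [tuple(map(int, (v.split("-") * 2)[:2])) for v in values]
        return any(lo <= port <= hi for lo, hi in ranges)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, src, port=80):
    """Return (action, deciding rule) for a request from src to port."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Every ACL on an http_access line must match (AND); "!" negates one.
        if all(acl_matches(acls[n.lstrip("!")], src, port) != n.startswith("!")
               for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    # No line matched: Squid applies the opposite of the last line.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "default"
```

Calling decide(POSTED, "192.168.0.25") shows which line rejects a LAN client, and decide(FIXED, "192.168.0.25") shows the added allow taking effect before the final deny.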
