[squid-users] Problem understanding ACL
Hello,

I try to setup squid as reverse proxy for the following situation:

1. www.domain.tld:80 - server:80
2. www.domain.tld:8080 - server:8080
3. www.domain.tld/dir/:80 - server:8080

1.+2. I've solved:

http_port 1.1.1.1:80 accel defaultsite=www.domain.tld
http_port 1.1.1.1:8080 accel defaultsite=www.domain.tld
cache_peer 2.2.2.2 parent 80 0 no-query originserver name=cpa80
cache_peer 2.2.2.2 parent 8080 0 no-query originserver name=cpa8080
acl our_sites dstdomain www.domain.tld
http_access allow our_sites
http_access deny all
acl port80 myport 80
acl port8080 myport 8080
cache_peer_access cpa80 allow port80
cache_peer_access cpa80 deny all
cache_peer_access cpa8080 allow port8080
cache_peer_access cpa8080 deny all

But I've no idea how to setup number 3. I think I need and and for the acl but I can't find. If I would have and and I could make 2 ACL's for port 80:

acl port80_dir urlpath_regex ^/dir AND myport 80
acl port80 myport 80

Kind regards,
Andreas Müller
Re: [squid-users] Problem understanding ACL
Andreas Müller wrote:
> Hello,
>
> I try to setup squid as reverse proxy for the following situation:
>
> 1. www.domain.tld:80 - server:80
> 2. www.domain.tld:8080 - server:8080
> 3. www.domain.tld/dir/:80 - server:8080
>
> 1.+2. I've solved:
>
> http_port 1.1.1.1:80 accel defaultsite=www.domain.tld
> http_port 1.1.1.1:8080 accel defaultsite=www.domain.tld
> cache_peer 2.2.2.2 parent 80 0 no-query originserver name=cpa80
> cache_peer 2.2.2.2 parent 8080 0 no-query originserver name=cpa8080
> acl our_sites dstdomain www.domain.tld
> http_access allow our_sites
> http_access deny all
> acl port80 myport 80
> acl port8080 myport 8080
> cache_peer_access cpa80 allow port80
> cache_peer_access cpa80 deny all
> cache_peer_access cpa8080 allow port8080
> cache_peer_access cpa8080 deny all
>
> But I've no idea how to setup number 3. I think I need and and for the acl but I can't find. If I would have and and I could make 2 ACL's for port 80:
>
> acl port80_dir urlpath_regex ^/dir AND myport 80
> acl port80 myport 80

1) /dir/:80 folder dir filename :80
2) http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes

Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
[squid-users] Problem understanding acl
I want to have the following scenario but I can't understand how to do it

# Employee general access to a list of sites
acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
http_access allow allowed-sites

# Some employees listed get access to all EXCEPT the banned sites
acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
acl password_access proxy_auth someone someone-else anotheruser
http_access allow password_access but deny the banned_lists

# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all

How can I limit the password users to all but the banned sites?

--
Chris Mason
NetConcepts
Re: [squid-users] Problem understanding acl
On Wed, 2006-02-15 at 10:23 -0400, Chris Mason (Lists) wrote:
> I want to have the following scenario but I can't understand how to do it
>
> # Employee general access to a list of sites
> acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
> http_access allow allowed-sites
>
> # Some employees listed get access to all EXCEPT the banned sites
> acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
> acl password_access proxy_auth someone someone-else anotheruser
> http_access allow password_access but deny the banned_lists
>
> # And finally deny all other access to this proxy
> http_access allow localhost
> http_access deny all

Hi,

As far as I understand, it's just like this:

acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
acl password_access proxy_auth someone someone-else anotheruser

##Order is important
http_access allow allowed-sites
http_access deny banned_sites
http_access allow password_access
http_access deny all

Bart
--
Schelstraete Bart
http://www.schelstraete.org
RE: [squid-users] Problem understanding acl
-----Original Message-----
From: Schelstraete Bart
Sent: Wednesday, February 15, 2006 5:47 AM
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Problem understanding acl

> On Wed, 2006-02-15 at 10:23 -0400, Chris Mason (Lists) wrote:
>> I want to have the following scenario but I can't understand how to do it
>>
>> # Employee general access to a list of sites
>> acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
>> http_access allow allowed-sites
>>
>> # Some employees listed get access to all EXCEPT the banned sites
>> acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
>> acl password_access proxy_auth someone someone-else anotheruser
>> http_access allow password_access but deny the banned_lists
>>
>> # And finally deny all other access to this proxy
>> http_access allow localhost
>> http_access deny all
>
> Hi,
>
> As far as I understand, it's just like this:
>
> acl allowed-sites dstdomain .thisdomain.com .thatdomain.com
> acl banned_sites dstdomain .abc.com .msn.com .hotmail.com .go.com .playboy.com
> acl password_access proxy_auth someone someone-else anotheruser
>
> ##Order is important
> http_access allow allowed-sites
> http_access deny banned_sites
> http_access allow password_access
> http_access deny all

One note of caution. This would allow ANYONE who has access to your proxy to use it to access the allowed-sites. Defining an acl that describes your LAN...

acl my-lan src 192.168.0.0/16

...and using it to limit un-authenticated access to allowed-sites...

http_access allow my-lan allowed-sites

... is probably not a bad idea. Further, you can combine the password_access and banned sites into one rule...

http_access allow password_access !banned_sites

... if you wish. There is a whole section of the FAQ dedicated to ACLs (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html).

> Bart
> --
> Schelstraete Bart
> http://www.schelstraete.org

Chris
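
The rule evaluation discussed in this thread, as an added example that is not part of any post and is not Squid's own code: a small Python model of http_access (lines checked top to bottom, first matching line wins, ACLs on one line are ANDed, `!` negates) applied to the rule set posted in the first reply and to the tightened variant from the last reply. The client address and request are constructed, and a request without a login is modelled as not matching password_access instead of triggering an authentication challenge.

```python
# Added example: a model of Squid access-list evaluation, not Squid code.
# Lines are checked top to bottom; the first line whose ACLs ALL match decides.
from ipaddress import ip_address, ip_network

ALLOWED = (".thisdomain.com", ".thatdomain.com")
BANNED = (".abc.com", ".msn.com", ".hotmail.com", ".go.com", ".playboy.com")
USERS = {"someone", "someone-else", "anotheruser"}
LAN = ip_network("192.168.0.0/16")

def in_domains(host, domains):
    # dstdomain with a leading dot matches the domain itself and any subdomain
    return any(host == d[1:] or host.endswith(d) for d in domains)

ACLS = {
    "allowed-sites": lambda r: in_domains(r["host"], ALLOWED),
    "banned_sites": lambda r: in_domains(r["host"], BANNED),
    "password_access": lambda r: r.get("user") in USERS,  # no login: no match
    "my-lan": lambda r: ip_address(r["src"]) in LAN,
    "all": lambda r: True,
}

def parse(conf):
    """Turn 'http_access allow a !b' lines into (action, [acl, ...]) tuples."""
    rules = []
    for line in conf.strip().splitlines():
        _, action, *acls = line.split()
        rules.append((action, acls))
    return rules

def decide(rules, req):
    for action, acls in rules:
        # a line matches only if every ACL on it matches ("!" inverts one ACL)
        if all(ACLS[a.lstrip("!")](req) != a.startswith("!") for a in acls):
            return action
    return "deny"  # simplification: both rule sets below end in "deny all"

THREAD_RULES = parse("""
http_access allow allowed-sites
http_access deny banned_sites
http_access allow password_access
http_access deny all
""")

HARDENED_RULES = parse("""
http_access allow my-lan allowed-sites
http_access allow password_access !banned_sites
http_access deny all
""")

OUTSIDER = {"host": "www.thisdomain.com", "src": "203.0.113.9"}  # constructed
```

`decide(THREAD_RULES, OUTSIDER)` returns `"allow"`, which is the open-proxy exposure the last reply warns about, while `decide(HARDENED_RULES, OUTSIDER)` returns `"deny"`.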