On Thursday 05 May 2022 at 11:28:13, Frank Urban wrote:
> Hi,
>
> We created an acl list with workstation names instead of IP addresses.
>
> e.g. acl our_networks src workstaion1.
>
> This works as long as the hostname is resolvable over DNS. If it is
> not, the restart of squid fails.
>
> Is
Hi,
We created an acl list with workstation names instead of IP addresses.
e.g. acl our_networks src workstaion1.
This works as long as the hostname is resolvable over DNS. If it is
not, the restart of squid fails.
Is this the expected result?
Best regards
Frank
On 18/01/18 08:16, Aismel wrote:
Hello,
About this question
My users navigate through internet all day but starting at 14:00pm to
20:00pm I need they can access to X pages only like facebook, youtube,
gmail…
Ideas ??
The answers you seek are in the FAQ, and your access.log
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# # [fast]
# # day-abbrevs:
# # S - Sunday
# # M - Monday
# # T - Tuesday
# # W - Wednesday
# # H - Thursday
# # F - Friday
# # A - Saturday
# # h1:m1 must be less than h2:m2
Hello,
About this question
My users navigate through internet all day but starting at 14:00pm to
20:00pm I need they can access to X pages only like facebook, youtube,
gmail.
Ideas ??
___
squid-users mailing list
On 13/10/2015 12:19 p.m., joe wrote:
> ok again i filter out most of the squid conf with this minimum config should
> i get any static img or anything as hit or not
> caus i dont get any
> i test on squid 3.5.8 and up same think
Please continue to use that later version. In absence of any
ok again i filter out most of the squid conf with this minimum config should
i get any static img or anything as hit or not
caus i dont get any
i test on squid 3.5.8 and up same think
via off
forwarded_for off
# should be allowed
acl localnet src 10.2.3.0/24
acl localnet src 10.2.2.0/24
acl
hi this is the first time that happen to me i don't know if its bug or old
stupidity from my side
ok the problem i did not do more study yet i need more feed back pls
let say i have
acl redirect urlpath_regex -i \=1\=12
no_cache deny redirect
all is fine until now caching is ok hit is ok
but
Hi
Ive been using IP's in acl's to restrict access to squid, a redirector
(squidguard) and a parent proxy (virus scanning proxy)
This has been working fine and part of my squid.conf is below
# Everything ACL - goes via parent and squidguard
acl everything src /etc/squid/acl/everything
Paul Houselander (SME) wrote:
Hi
Ive been using IP's in acl's to restrict access to squid, a redirector
(squidguard) and a parent proxy (virus scanning proxy)
This has been working fine and part of my squid.conf is below
# Everything ACL - goes via parent and squidguard
acl everything src
tis 2008-04-08 klockan 10:10 +0100 skrev Paul Houselander (SME):
Which seemed to work but I noticed an IP I had in
/etc/squid/acl/everything which was going via the parent and redirector
started going direct? If I comment out all my proxy_auth lines and restart
squid all works again. Can you
On 11.02.08 19:34, Phibee Network Operation Center wrote:
I have a Squid Server, i am search a solution for add a small ACL:
ACL based on a IP List (/etc/squid/ip_authorized) with this fonction:
- If the IP is into the list, no problems, he can going on www.
- If the IP are not
Hi
I have a Squid Server, i am search a solution for add a small ACL:
ACL based on a IP List (/etc/squid/ip_authorized) with this fonction:
- If the IP is into the list, no problems, he can going on www.
- If the IP are not into the list, he can going on the www but
for all URL squid
Vadim Pushkin wrote:
Thanks Chris;
Based on your excellent example:
acl DenyIP_CONNECT url_regex ^[a-z]{1-5}://[0-9]
Would I still be required to write IP addresses with a netmask? Or
can I mix them, which is my preference.
If I remember correctly, the dst acl prefers a netmask these
Vadim Pushkin wrote:
Thanks Chris;
Based on your excellent example:
acl DenyIP_CONNECT url_regex ^[a-z]{1-5}://[0-9]
Would I still be required to write IP addresses with a netmask? Or
can I mix them, which is my preference.
If I remember correctly, the dst acl prefers a netmask these
: Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL
Question - (urlpath_r
Date: Fri, 26 Oct 2007 12:32:12 -0800
Vadim Pushkin wrote:
Let me see if I have this straight... You want to block CONNECT to IP
address, except those that are explicitly allowed, but allow CONNECT to
any
By the way, the longer, second example, does not work at all. It allows
everything through.
.vp
From: Vadim Pushkin [EMAIL PROTECTED]
To: [EMAIL PROTECTED], squid-users@squid-cache.org
Subject: Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL
Question - (urlpath_r
Date: Wed, 31
Vadim Pushkin wrote:
Let me see if I have this straight... You want to block CONNECT to
IP address, except those that are explicitly allowed, but allow
CONNECT to any FQDN. Is this correct?
Chris
yes, for now, because I see no reason that they should be allowed.
The FQDN ones are a
Vadim Pushkin wrote:
From: Amos Jeffries [EMAIL PROTECTED]
From: Chris Robertson [EMAIL PROTECTED]
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding
: [squid-users] ACL
Question - (urlpath_r
Date: Thu, 25 Oct 2007 13:57:49 -0800
Vadim Pushkin wrote:
From: Amos Jeffries [EMAIL PROTECTED]
From: Chris Robertson [EMAIL PROTECTED]
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an IP address vs. FQDN
From: Amos Jeffries [EMAIL PROTECTED]
From: Chris Robertson [EMAIL PROTECTED]
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
From: Chris Robertson [EMAIL PROTECTED]
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of
From: Chris Robertson [EMAIL PROTECTED]
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding
Vadim Pushkin wrote:
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets, or parts
Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or subnet
in my list, far too inefficient.
squid will not see URLs at all during SSL traffic, so url_regex will not
work.
Yes, since it is in the URL, it
Thanks,
.vp
From: Vadim Pushkin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or subnet
in my list, far too inefficient.
squid will not see URLs at all
Thanks,
.vp
From: Vadim Pushkin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or
subnet
in my list, far too inefficient.
Depends on how granular you want the
Hello All;
I have a rule which blocks the use of CONNECT based on the user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets, or parts of a network as well,
Vadim Pushkin wrote
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets,
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src 192.168.0.0/16
or
http_access allow NET_ONE
On 5/10/07, Vadim Pushkin [EMAIL PROTECTED] wrote:
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src 192.168.0.0/16
or
http_access allow
On 5/10/07, Vadim Pushkin [EMAIL PROTECTED] wrote:
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
acl NET_ONE src 192.168.0.0/16
or
http_access allow NET_ONE
I think
Thank you very much!
.vp
On 5/10/07, Vadim Pushkin [EMAIL PROTECTED] wrote:
I am trying to modify my ACL to prevent a specific IP address within a
range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src
Hi,
My boss asked me to put all network-IP's into certain groeps
and that determine the acces each group should allowed to have.
The problem is that this list is rather large. I could just place
all Ip's on 1 line in /etc/squid/squid.conf, like this:
acl Group_MaxAllowed src 192.168.1.5
ACL
all 172.16.1.1-172.16.1.254/255.255.255.255
Restricted_Sites URL Regexp microsoft.com
Unrestricted_Users Client Regexp w2kserver
PROXY ACL
Allow manager localhost
Deny manager
Allow !Safe_ports
Allow CONNECT !SSL_ports
Allow localhost
Deny Restricted_Sites
Allow all
My goal is to allow a
On Tue, Jul 06, 2004 at 04:21:13PM +1000, squidcache wrote:
ACL
all 172.16.1.1-172.16.1.254/255.255.255.255
Restricted_Sites URL Regexp microsoft.com
Unrestricted_Users Client Regexp w2kserver
PROXY ACL
Allow manager localhost
Deny manager
Allow !Safe_ports
Allow CONNECT !SSL_ports
Hi Christoh..
Thankyou very much for this...
it worked...
I finally understand how Deny/Allow works ..
(match/don't match)
ps... my name is Shannon...I usually create
temporary aliases when subscribing to
mail/support groups. It avoids spam on my
real email address...
cheers..
Christoph
Hello,
Could someone give me an example of the synatax in setting up squid
to prevent downloads of certain files (Zip, Exe for example).
I checked out the Archive posts but I dont seem to have it right.
acl Downloads urlpath_regex .\exe$
http_access deny Downloads
Thanks,
On Fri, 20 Feb 2004, Ballou, Matthew wrote:
Hello,
Could someone give me an example of the synatax in setting up squid
to prevent downloads of certain files (Zip, Exe for example).
I checked out the Archive posts but I dont seem to have it right.
acl Downloads urlpath_regex .\exe$
On Sun, 14 Dec 2003, Xpression wrote:
Hi list, I recently installed squid-2.5.STABLE4, everything
is fine, now I'm trying to set up some acls but with no
hope, indeed, I want to allow some users (A) and others (B)
on the same and differents pool addresses to navigate at
sometime (e.g. M-F
Hi, I've posted a similar message some hours ago, I've
reconfigured my squid, but with no hope all users are
restricted to day/time I put on the acl times, I'm
confused with it, can't find the way to exclude some users
on these pools: 192.168.2.8/29, 192.168.2.16/29...
On Mon, 15 Dec 2003, Xpression wrote:
Hi, I've posted a similar message some hours ago, I've
reconfigured my squid, but with no hope all users are
restricted to day/time I put on the acl times, I'm
confused with it, can't find the way to exclude some users
on these pools: 192.168.2.8/29,
Hi list, I recently installed squid-2.5.STABLE4, everything
is fine, now I'm trying to set up some acls but with no
hope, indeed, I want to allow some users (A) and others (B)
on the same and differents pool addresses to navigate at
sometime (e.g. M-F 8:00-16:00) any help ???
Here is the revelant
squid can listen on many ports (http_port), but how can I know on what
port user connect. I want to set - redirector_access allow
second_port_acl. What does second_port_acl looks like?
sorry for my English, my native language is C
On Mon, 13 Oct 2003, Eduard Bondarenko wrote:
squid can listen on many ports (http_port), but how can I know on what
port user connect.
Via the my_port and/or my_address acl types.
Regards
Henrik
Hi,
I have a little bit question about ACL blocking the downloading.
here's my squid.conf some line
acl download url_regex /path/to/denydownload.txt
acl POST method POST
http_access deny download !POST
here's my denydownload.txt
[eE][xX][eE]
[zZ][iI][pP]
my problem is when my clients search
I have a little bit question about ACL blocking the
downloading.
here's my squid.conf some line
acl download url_regex /path/to/denydownload.txt
acl POST method POST
http_access deny download !POST
here's my denydownload.txt
Try replacing with the following:
acl download url_regex -i
blocking on extensions is silly anyway, i've seen windows sites
that have something like http://site/cgi-bin/somescript.exe
that turns out to be html, you really need to block on mime
type. Also, the !POST thing doesn't make a lot of sense either
since most search engines (like google) uses GET
On Wednesday 20 August 2003 17.08, Joshua Brindle wrote:
type. Also, the !POST thing doesn't make a lot of sense either
since most search engines (like google) uses GET vars, not POST
Not a problem for these, as url_regex will not match GET form
submissions as these do not end in \.exe$ even
Thanks to all of you guys,
Mike
- Original Message -
From: Adam Aube [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 8:28 PM
Subject: RE: [squid-users] ACL Question
I have a little bit question about ACL blocking the
downloading.
here's my squid.conf
Hi,
I'm new to this list. I'm using Squid 2.5STABLE3 on
a Linux 2.4.21 system running Apache 2.x.
As this is a test phase, I figured I'd test out the acl
parameters. I've encountered a strange problem. Perhaps
someone out there might be able to figure it out.
acl noie browser -i MSIE
On Tuesday 19 August 2003 12.30, cc wrote:
acl noie browser -i MSIE
deny_info ERR_NOIE noie
http_access deny noie
The above, when uncommented makes squid throw a
segmentation fault. When I recomment the three
lines, Squid works fine.
Probably this:
Henrik Nordstrom wrote:
On Tuesday 19 August 2003 12.30, cc wrote:
acl noie browser -i MSIE
deny_info ERR_NOIE noie
http_access deny noie
The above, when uncommented makes squid throw a
segmentation fault. When I recomment the three
lines, Squid works fine.
Probably this:
53 matches
Mail list logo