tis 2008-04-08 klockan 10:10 +0100 skrev Paul Houselander (SME):
> Which seemed to work but I noticed an IP I had in
> "/etc/squid/acl/everything" which was going via the parent and redirector
> started going direct? If I comment out all my proxy_auth lines and restart
> squid all works again. Ca
Paul Houselander (SME) wrote:
Hi
Ive been using IP's in acl's to restrict access to squid, a redirector
(squidguard) and a parent proxy (virus scanning proxy)
This has been working fine and part of my squid.conf is below
# Everything ACL - goes via parent and squidguard
acl everything src "/et
Hi
Ive been using IP's in acl's to restrict access to squid, a redirector
(squidguard) and a parent proxy (virus scanning proxy)
This has been working fine and part of my squid.conf is below
# Everything ACL - goes via parent and squidguard
acl everything src "/etc/squid/acl/everything"
http_acc
On 11.02.08 19:34, Phibee Network Operation Center wrote:
> I have a Squid Server, i am search a solution for add a small ACL:
>
> ACL based on a IP List (/etc/squid/ip_authorized) with this fonction:
>
>- If the IP is into the list, no problems, he can going on www.
>
>- If the IP are n
Hi
I have a Squid Server, i am search a solution for add a small ACL:
ACL based on a IP List (/etc/squid/ip_authorized) with this fonction:
- If the IP is into the list, no problems, he can going on www.
- If the IP are not into the list, he can going on the www but
for all URL squid
> Vadim Pushkin wrote:
>> Thanks Chris;
>>
>> Based on your excellent example:
>>
>>> acl DenyIP_CONNECT url_regex ^[a-z]{1-5}://[0-9]
>>
>> Would I still be required to write IP addresses with a netmask? Or
>> can I mix them, which is my preference.
>
> If I remember correctly, the dst acl prefer
Vadim Pushkin wrote:
Thanks Chris;
Based on your excellent example:
acl DenyIP_CONNECT url_regex ^[a-z]{1-5}://[0-9]
Would I still be required to write IP addresses with a netmask? Or
can I mix them, which is my preference.
If I remember correctly, the dst acl prefers a netmask these day
By the way, the longer, second example, does not work at all. It allows
everything through.
.vp
From: "Vadim Pushkin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], squid-users@squid-cache.org
Subject: Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL
Question - (urlp
he.org
Subject: Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL
Question - (urlpath_r
Date: Fri, 26 Oct 2007 12:32:12 -0800
Vadim Pushkin wrote:
Let me see if I have this straight... You want to block CONNECT to IP
address, except those that are explicitly allowed, but allow CONNECT t
Vadim Pushkin wrote:
Let me see if I have this straight... You want to block CONNECT to
IP address, except those that are explicitly allowed, but allow
CONNECT to any FQDN. Is this correct?
Chris
yes, for now, because I see no reason that they should be allowed.
The FQDN ones are a nigh
Me Re: [squid-users] ACL
Question - (urlpath_r
Date: Thu, 25 Oct 2007 13:57:49 -0800
Vadim Pushkin wrote:
From: "Amos Jeffries" <[EMAIL PROTECTED]>
>>From: Chris Robertson <[EMAIL PROTECTED]>
>
>>> > Hello All;
>>> >
>>> &
Vadim Pushkin wrote:
From: "Amos Jeffries" <[EMAIL PROTECTED]>
>>From: Chris Robertson <[EMAIL PROTECTED]>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify
From: "Amos Jeffries" <[EMAIL PROTECTED]>
>>From: Chris Robertson <[EMAIL PROTECTED]>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify allowed IP addresses b
>
>
>
>>From: Chris Robertson <[EMAIL PROTECTED]>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify allowed IP addresses by adding them into
>>> > /squid/etc/allow-i
From: Chris Robertson <[EMAIL PROTECTED]>
> Hello All;
>
> I have a rule which blocks the use of CONNECT based on the
> user calling an IP address vs. FQDN, this works great!
>
> I am able to specify allowed IP addresses by adding them into
> /squid/etc/allow-ip-addresses.
>
> I am in need
Vadim Pushkin wrote:
> Hello All;
>
> I have a rule which blocks the use of CONNECT based on the
> user calling an
> IP address vs. FQDN, this works great!
>
> I am able to specify allowed IP addresses by adding them into
> /squid/etc/allow-ip-addresses.
>
> I am in need of adding entire subnets,
> Thanks,
>
> .vp
>
>
>>From: "Vadim Pushkin" <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>
>>Hi Sven;
>>
>>I am unable to use:
>>
>>acl allowed-CONNECT dst 192.168.0.0/24
>>
>>Well, I could, but then I would have to add one for each host and or
>> subnet
>>in my list, far too inefficient.
Depends
Thanks,
.vp
From: "Vadim Pushkin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or subnet
in my list, far too inefficient.
squid will not see URLs at all
Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or subnet
in my list, far too inefficient.
squid will not see URLs at all during SSL traffic, so url_regex will not
work.
Yes, since it is in the URL, it
Vadim Pushkin wrote
> Hello All;
>
> I have a rule which blocks the use of CONNECT based on the
> user calling an
> IP address vs. FQDN, this works great!
>
> I am able to specify allowed IP addresses by adding them into
> /squid/etc/allow-ip-addresses.
>
> I am in need of adding entire s
Hello All;
I have a rule which blocks the use of CONNECT based on the user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets, or parts of a network as well, whi
Thank you very much!
.vp
On 5/10/07, Vadim Pushkin <[EMAIL PROTECTED]> wrote:
I am trying to modify my ACL to prevent a specific IP address within a
range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src 192.168.0.0/
On 5/10/07, Vadim Pushkin <[EMAIL PROTECTED]> wrote:
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
acl NET_ONE src 192.168.0.0/16
or
http_access allow NET_ONE
I thin
On 5/10/07, Vadim Pushkin <[EMAIL PROTECTED]> wrote:
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src 192.168.0.0/16
or
http_access allow NET_
I am trying to modify my ACL to prevent a specific IP address within a range
already defined in http_access and acl.
Where within this do I state *not* (!) 192.168.1.200?
Thank you.
acl NET_ONE src 192.168.0.0/16
or
http_access allow NET_ONE
On Tuesday 20 December 2005 12:17, M.K. tenNapel wrote:
> My boss asked me to put all network-IP's into certain groeps
> and that determine the acces each group should allowed to have.
> The problem is that this list is rather large. I could just place
> all Ip's on 1 line in /etc/squid/squid.conf,
Hi,
My boss asked me to put all network-IP's into certain groeps
and that determine the acces each group should allowed to have.
The problem is that this list is rather large. I could just place
all Ip's on 1 line in /etc/squid/squid.conf, like this:
acl Group_MaxAllowed src 192.168.1.5 192.168.1
Hi Christoh..
Thankyou very much for this...
it worked...
I finally understand how Deny/Allow works ..
(match/don't match)
ps... my name is Shannon...I usually create
temporary aliases when subscribing to
mail/support groups. It avoids spam on my
real email address...
cheers..
> Christoph
On Tue, Jul 06, 2004 at 04:21:13PM +1000, squidcache wrote:
> ACL
> all 172.16.1.1-172.16.1.254/255.255.255.255
> Restricted_Sites URL Regexp microsoft.com
> Unrestricted_Users Client Regexp w2kserver
>
> PROXY ACL
> Allow manager localhost
> Deny manager
> Allow !Safe_ports
> Allow CONNECT !SSL_p
ACL
all 172.16.1.1-172.16.1.254/255.255.255.255
Restricted_Sites URL Regexp microsoft.com
Unrestricted_Users Client Regexp w2kserver
PROXY ACL
Allow manager localhost
Deny manager
Allow !Safe_ports
Allow CONNECT !SSL_ports
Allow localhost
Deny Restricted_Sites
Allow all
My goal is to allow a sma
On Fri, 20 Feb 2004, Ballou, Matthew wrote:
> Hello,
> Could someone give me an example of the synatax in setting up squid
> to prevent downloads of certain files (Zip, Exe for example).
> I checked out the Archive posts but I dont seem to have it right.
>
> acl Downloads urlpath_regex .\
Hello,
Could someone give me an example of the synatax in setting up squid
to prevent downloads of certain files (Zip, Exe for example).
I checked out the Archive posts but I dont seem to have it right.
acl Downloads urlpath_regex .\exe$
http_access deny Downloads
Thanks,
Matt
On Wed, 17 Dec 2003, Xpression wrote:
> Hi list, I'm trying to deny some users to navigate at
> certain times, I've created two users group (FULL_USERS [1]
> and LIMITED_USERS [2]) and TIMES acl to achieve it, but it
> doesn't works, group1 cannot access the cache, any clues ???
> Thanks...
li
Hi list, I'm trying to deny some users to navigate at
certain times, I've created two users group (FULL_USERS [1]
and LIMITED_USERS [2]) and TIMES acl to achieve it, but it
doesn't works, group1 cannot access the cache, any clues ???
Thanks...
acl LAN src 192.168.1.0/24
acl CUBA src 192.168.2.8/2
On Mon, 15 Dec 2003, Xpression wrote:
> Hi, I've posted a similar message some hours ago, I've
> reconfigured my squid, but with no hope all users are
> restricted to day/time I put on the acl "times", I'm
> confused with it, can't find the way to exclude some users
> on these pools: 192.168.2.8/2
Hi, I've posted a similar message some hours ago, I've
reconfigured my squid, but with no hope all users are
restricted to day/time I put on the acl "times", I'm
confused with it, can't find the way to exclude some users
on these pools: 192.168.2.8/29, 192.168.2.16/29...
--
On Sun, 14 Dec 2003, Xpression wrote:
> Hi list, I recently installed squid-2.5.STABLE4, everything
> is fine, now I'm trying to set up some acls but with no
> hope, indeed, I want to allow some users (A) and others (B)
> on the same and differents pool addresses to navigate at
> sometime (e.g. M-
Hi list, I recently installed squid-2.5.STABLE4, everything
is fine, now I'm trying to set up some acls but with no
hope, indeed, I want to allow some users (A) and others (B)
on the same and differents pool addresses to navigate at
sometime (e.g. M-F 8:00-16:00) any help ???
Here is the revelant
On Mon, 13 Oct 2003, Eduard Bondarenko wrote:
> squid can listen on many ports (http_port), but how can I know on what
> port user connect.
Via the my_port and/or my_address acl types.
Regards
Henrik
squid can listen on many ports (http_port), but how can I know on what
port user connect. I want to set - redirector_access allow
second_port_acl. What does second_port_acl looks like?
sorry for my English, my native language is C
Thanks to all of you guys,
Mike
- Original Message -
From: "Adam Aube" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 20, 2003 8:28 PM
Subject: RE: [squid-users] ACL Question
> > I have a little bit question about ACL blocking the
&g
On Wednesday 20 August 2003 17.08, Joshua Brindle wrote:
> type. Also, the !POST thing doesn't make a lot of sense either
> since most search engines (like google) uses GET vars, not POST
Not a problem for these, as url_regex will not match GET form
submissions as these do not end in \.exe$ even
blocking on extensions is silly anyway, i've seen windows sites
that have something like http://site/cgi-bin/somescript.exe
that turns out to be html, you really need to block on mime
type. Also, the !POST thing doesn't make a lot of sense either
since most search engines (like google) uses GET var
> I have a little bit question about ACL blocking the
> downloading.
> here's my squid.conf some line
> acl download url_regex "/path/to/denydownload.txt"
> acl POST method POST
> http_access deny download !POST
> here's my denydownload.txt
Try replacing with the following:
acl download url_reg
EMAIL PROTECTED]
Subject: [squid-users] ACL Question
Hi,
I have a little bit question about ACL blocking the downloading.
here's my squid.conf some line
acl download url_regex "/path/to/denydownload.txt"
acl POST method POST
http_access deny download !POST
here's my denydownloa
Hi,
I have a little bit question about ACL blocking the downloading.
here's my squid.conf some line
acl download url_regex "/path/to/denydownload.txt"
acl POST method POST
http_access deny download !POST
here's my denydownload.txt
[eE][xX][eE]
[zZ][iI][pP]
my problem is when my clients search
Henrik Nordstrom wrote:
> On Tuesday 19 August 2003 12.30, cc wrote:
>
>
>>acl noie browser -i MSIE
>>deny_info ERR_NOIE noie
>>http_access deny noie
>>
>>The above, when uncommented makes squid throw a
>>segmentation fault. When I recomment the three
>>lines, Squid works fine.
>
>
> Probably
On Tuesday 19 August 2003 12.30, cc wrote:
> acl noie browser -i MSIE
> deny_info ERR_NOIE noie
> http_access deny noie
>
> The above, when uncommented makes squid throw a
> segmentation fault. When I recomment the three
> lines, Squid works fine.
Probably this:
http://www.squid-cache.org/Versio
Hi,
I'm new to this list. I'm using Squid 2.5STABLE3 on
a Linux 2.4.21 system running Apache 2.x.
As this is a test phase, I figured I'd test out the acl
parameters. I've encountered a strange problem. Perhaps
someone out there might be able to figure it out.
acl noie browser -i MSIE
deny_inf
49 matches
Mail list logo
