Please see Squid FAQ chapter 10 for a good description of how http_access works.
Regards Herik On Tue, 3 Feb 2004, Chris Burton wrote: > Hi All, > > im getting a bit stressed with squid now, finally got it all configured > apart from one little bit, getting stuff banned by our internal IPs > > basicly as you can tell by our config file (pasted below) is that we > pull a list of words that are "banned" from the file blocked, we would > like todo the same but it containing certain internal IP address's for > example > > 10.3.181.19 can see the internet > 10.3.181.20 cant see the internet (and is in the network blocked file) > > > iv tried everything i have seen on the mailing lists and squid's site > but nothing works, maybe one of you could ammend the pasted bit below > ;o) > > > many many many many many many many many many many many many many many > many many many many many many many many many many many many many many > many many many many many many many many many many many many many many > many many many many many many many many many many many many many many > many many many many many many many Thanks > > Chris Burton > -------------- > Linux Admin and Stress Head :o) > > > http_port 8081 > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > dns_nameservers 10.3.1.190 195.195.244.82 > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > > acl myBlocked url_regex -i "/etc/squid/blocked" > http_access deny myBlocked > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > http_access allow manager localhost > http_access allow all > http_access deny manager > http_access deny CONNECT !SSL_ports > > http_access allow localhost > http_access deny all > http_reply_access allow all > > icp_access allow all > > tcp_outgoing_address 10.3.181.45 > visible_hostname noobler > > > ********************************************************************** > This message is sent in confidence for the addressee > only. It may contain confidential or sensitive > information. The contents are not to be disclosed > to anyone other than the addressee. Unauthorised > recipients are requested to preserve this > confidentiality and to advise us of any errors in > transmission. Any views expressed in this message > are solely the views of the individual and do not > represent the views of the College. Nothing in this > message should be construed as creating a contract. > ********************************************************************** >
