On Tue, 31 Aug 2004, André Füchsel wrote:
hope, this question is not too basic. I dealt with ACLs quite a while now, but I cannot figure out, how to set up them correctly. Some help would be very much appreciated.
Start by reading and understanding the introduction section in Squid FAQ Chapter 10 Access Controls, especially the part trying to explain how http_access works.
I want to use squid only as an accelerating proxy.
What you refer to by "only as an accelerating proxy"?
It is placed in the DMZ and one should be able to connect both to its external address (xxx.yyy.zzz) and to its internal address (192.168.200.10). The accel_host itself is placed in the user LAN with 10.0.10.102. No other use of this squid installation should be allowed.
Ah, you are running a reverse proxy?
The access controls is then based on what destinations should be allowed to access via Squid, not who may access it.
For testing I set http_access allow all but this is obviously not correct. I then tried to define an acl MYLAN with 192.168.200.0-192.168.200.255 but it did not work.
Why not?
There is nothing wrong with such acl. But it is probably not needed in your setup. The only reason for you to define a "mylan" acl is if users from your lan should have different access to your web site than users from the outside.
Regards Henrik
