Well, I tried what you suggested, and it didn't make a difference! =(.
when I added the http_access deny all, and icp_access deny all, I got a
message in squid.out that said:
97/05/06 05:24:11| squid.conf line 949: http_access deny all
97/05/06 05:24:11| aclParseAccessLine: ACL name 'all' not found.
97/05/06 05:24:11| squid.conf line 949: http_access deny all
97/05/06 05:24:11| aclParseAccessLine: Access line contains no ACL's,
skipping
97/05/06 05:24:11| squid.conf line 954: icp_access deny all
97/05/06 05:24:11| aclParseAccessLine: ACL name 'all' not found.
97/05/06 05:24:11| squid.conf line 954: icp_access deny all
97/05/06 05:24:11| aclParseAccessLine: Access line contains no ACL's,
skipping
And all networks within our domain are STILL able to connect to this
proxy, when all I want is 2. Anyhow, here are the settings again:
acl officenet src 207.136.72.0/255.255.255.0
acl oldofficenet src 207.136.75.65/255.255.255.192-207.136.75.130/255.255.255.192
http_access allow officenet
http_access allow oldofficenet
icp_access allow officenet
icp_access allow oldofficenet
On Mon, 5 May 1997, Duncan Anker wrote:
| >Date: Mon, 05 May 1997 19:41:50 PDT
| >From: Duncan Anker <dunc1@hotmail.com>
| >To: jlixfeld@idirect.com
| >Cc: squid-users@nlanr.net
| >Subject: Re: squid.conf -- acl flags
| >
| >
| >
| >>Date: Tue, 6 May 1997 00:49:38 -0400 (EDT)
| >>From: Jason Lixfeld <jlixfeld@idirect.com>
| >>To: squid-users@nlanr.net
| >>Subject: squid.conf -- acl flags
| >>
| >>I have recently installed the latest version of Squid. My goal in this
| >>venture is to allow only 2 (TWO) networks access to it. The rest will get
| >>a 403 Permission Denied error if/when they attempt to use this proxy
| >>server. I have taken the sample squid.conf and edited it to my needs, but
| >>it doesn't seem to be effective. Here is a copy of the relevent
| >>information:
| >>
| >>acl manager proto cache_object
| >>acl localhost src 127.0.0.1/255.255.255.255
| >>acl officenet src 207.136.72.0/255.255.255.0
| >>acl oldofficenet src
| >207.136.75.65/255.255.255.192-207.136.75.130/255.255.255.192
| >>acl all src 0.0.0.0/0.0.0.0
| >>acl SSL_ports port 443 563
| >>acl CONNECT method CONNECT
| >>
| >>http_access deny manager !all
| >>http_access deny CONNECT !SSL_ports
| >>
| >>http_access allow !officenet
| >>http_access allow !oldofficenet
| >>icp_access allow !officenet
| >>icp_access allow !oldofficenet
| >>
| >
| >Assuming that officenet and oldofficenet are the two you want
| >to allow, that should be:
| >
| >http_access allow officenet
| >http_access allow oldofficenet
| >icp_access allow officenet
| >icp_access allow oldofficenet
| >
| >and probably best followed with a deny all to ensure no-one else
| >can use it. The ! means not, so you were allowing anyone not
| >on those networks through. Probably not what you intended. Also,
| >either of those nets would have access because if it didn't match
| >the first allow, it would match the second.
| >
| >An alternative would be to use deny, and write it more succinctly:
| >
| >http_access deny !officenet !oldofficenet
| >
| >>I am probably just missing something here, but I cannot find suffecient
| >
| >I think what you are missing is more detailed documentation :-)
| >
| >>Thanks in advance
| >
| >Cheers
| >>
| >
| >
| >--
| >Duncan Anker http://www.angelfire.com/or/darcknight/
| >
| >Health freaks are going to feel stupid one day, when they're
| >lying in a hospital bed, dying of nothing.
| >
| >---------------------------------------------------------
| >Get Your *Web-Based* Free Email at http://www.hotmail.com
| >---------------------------------------------------------
| >
Received on Mon May 05 1997 - 23:00:50 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:07 MST