Marc G. Fournier wrote:
> Last night, I changed:
>
> acl all src 0.0.0.0/0.0.0.0
Don't do that. Squid assumes all is defined to match everyone.
It is better if you define another ACL name for matching your network.
acl localnet src 131.162.0.0/16
> in order to close off our proxy server from being accessed off of
> our network...all appears to be well except that I can no longer
> access my cachemgr.cgi on the server, with an error of:
This is because localhost no longer have miss_access.
> ====================
> acl all src 131.162.0.0/16
Recommended replacement for the above line:
acl all src 0.0.0.0/0
acl localnet 131.162.0.0/16
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow all
Recommended replacement for the above line:
http_access allow localnet
http_access deny all
-- Henrik Nordstrom Squid hackerReceived on Tue Oct 12 1999 - 12:34:52 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:47 MST