RE: [squid-users] squid tuning & ACL use

From: Andrew Kenna <andrewk@dont-contact.us>
Date: Wed, 15 Aug 2001 16:28:52 +1000

acl internal src 192.168.100.0/255.255.255.0
acl internet src 203.63.xx.xx/255.255.255.192

http_access allow internal
http_access allow internet

Have a fiddle with the above statements as they work fine for me

Andrew

-----Original Message-----
From: chami [mailto:chami@cmb.ac.lk]
Sent: Wednesday, August 15, 2001 5:09 PM
To: Andrew Kenna
Subject: Re: [squid-users] squid tuning & ACL use

Hi Andrew

Yes it is but I use soem acl's it wont work for me I don't know how to use
netmask in acl

thanks

chami

Andrew Kenna wrote:

> Is this proxy server live on the net ?
>
> If so you might like to put some restrictions on what ip addresses can use
> the proxy by using acl's
>
> Andrew
>
> -----Original Message-----
> From: chami [mailto:chami@cmb.ac.lk]
> Sent: Wednesday, August 15, 2001 4:49 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] squid tuning & ACL use
>
> Hi
>
> I configured squid on BSDi 4.1 and working in a not efficient way. When
> my clients connect to my squid proxy it is too slow
> but when clients connect to my Parent directly it is working fine. For
> your convenient I'll attach my squid.conf file.
>
> And I also want to use ACL in squid.conf, how can I grant access to
> 192.2.1.0 network using ACL I'm bit confusing with net
> mask.
>
> If any one can help me to over come this problem it will be grate.
>
> thanks
>
> chami
>
> Squid.conf
>
> http_port 3128
> cache_peer 192.2.1.6 parent 3128 3130
> cache_peer_domain 192.2.1.6
> cache_mem 8 MB
> cache_swap_high 100
> maximum_object_size 4096 KB
> cache_dir ufs /var/squid/cache 1000 16 256
> cache_access_log /var/squid/logs/access.log
> reference_age 3 week
>
> acl all src 0.0.0.0/0.0.0.0
> acl bsdi domain .xxx.xx.xx
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl ftp port 21
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager !bsdi
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow all
Received on Wed Aug 15 2001 - 00:42:22 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:38 MST