Hi,
I hope I can get a bit of help with
My ACLs. My goal is to deny access by default
And then add back sites to certain users.
I know my authentication is working.
WIDE_OPEN is a list of users who should have wide
Open access
CS (Customer Service) are users that should have access only
To the expressions listed in cs.allowed site.
Here is my relevant config info......
## Auth
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
## ACLs ##
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl WIDE_OPEN proxy_auth "/etc/squid/wide_open.users"
acl CS proxy_auth "/etc/squid/cs.users"
acl CS_SITES dstdom_regex "/etc/squid/cs.allowed.sites"
acl CS_SITES dstdom_regex google
## Control Operations ##
## Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
## Deny requests to unknown ports
http_access deny !Safe_ports
## Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
## Make Sure web apps on the proxy server can be accessed
## by other clients
http_access deny to_localhost
http_access allow CS CS_SITES
http_access allow WIDE_OPEN
http_access deny CS
http_access deny WIDE_OPEN
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
## Allow replies to client requests
http_reply_access allow all
Received on Fri Apr 02 2004 - 13:15:45 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:01 MDT