Thanks Saul,
It works a treat mate and thanks again for a quick response.
Regards,
Garry Chapple
-----Original Message-----
From: saul waizer [mailto:swaizer@hoodiny.com]
Sent: Wednesday, 12 March 2008 5:24 AM
To: squid-users@squid-cache.org
Cc: Garry D. Chapple
Subject: RE: [squid-users] ACL lists
Garry,
Here are some examples I prepared for you:
acl badguys src 6.0.0.0/8
acl badguys2 src 2.0.0.0/8
acl intruder src 10.10.10.16
acl workstation src 10.10.10.19
acl our_networks src 192.168.1.0/24
http_access deny badguys
http_access deny badguys2
http_access deny intruder
http_access allow workstation
http_access allow our_networks
http_access deny all
Brief explanation on these ACL's:
I use a general acl called badguys to prevent access from an entire
network
class, I.E. someone doing a DoS attack on your network from multiple
IP's on
the same class.
Intruder: A kid with a script trying to use your squid coming from the
same
ip (Your question about deny a single host)
The rest is self explanatory, you can call the acl's whatever you want.
After an acl you must have a rule matching the ACL name, so here is
where
you either allow or deny access based on your ACL's, see the http_access
"allow or deny" above.
Last, but also the most important, at the end of all your ACL's put
"http_access deny all" so you can secure your installation based on your
newly created ACL's
Hope it helps
Saul Waizer
-----Original Message-----
From: Garry D. Chapple [mailto:garryc@compdyna.tzo.com]
Sent: Monday, March 10, 2008 8:27 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ACL lists
Hi,
I am a complete Squid newb with my first install done only yesterday,
2.6 stable(18). Can someone please help with basic ACL config for
network IP's, I would like to allow my local network and restrict just
one or two hosts by IP address. I have Googled a little but as there are
so many ACL configurations it's difficult to know which one works!
Squid is up and running well and I have an ACL to allow my local network
(acl our_networks src 192.168.1.0/24) but how do I then deny access to
just a single host IP? Any examples or good web sites with these kinds
of examples would be much appreciated.
Regards,
Garry C
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date:
3/11/2008
1:41 PM
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date:
3/11/2008
1:41 PM
Received on Tue Mar 11 2008 - 16:14:03 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT