Date: Tue, 23 Mar 2004 15:39:38 -0500
From: bobc@sfcei.com
To: Toni.Heinonen@teleware.fi
Cc: freebsd-questions@freebsd.org
Subject: RE: squid and it's config, a question
Message-ID: <B9FB8C769C17D411892D00B0D02165322397C1@sf_pdc>

> Well, you're only matching "not-my-network". You should have
> more http_access commands, even by default. Show the rest of
> them. I think this would be more appropriate:
>
> http_access allow internal
> http_access deny all
>
> That would first let the right people surf, and then deny
> everything else.

> acl internal src 10.1.1.0/24
> http_access deny !internal

When you say "not-my-network" do you mean I defined my network, never allowed my network and then denied everything but my network? If so, I have effectively not allowed anything. No? I am trying to get a better feel for the syntax, hence my above questions. And again thanks for the patience.

Then perhaps with my notes to the right:

acl internal src 10.1.1.0/24     #defines my internal lan
http_access allow internal       #allows the internal lan access
http_access deny all             #denies all others

As you requested, here are the additional http_access lines from much further into the file.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl myclients src 10.1.1.0/24
http_access allow myclients
# And finally deny all other access to this proxy
http_access deny all

Would it be safe to drop the above 4 lines if I have already done such things at the first of the file?

--Bob
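
An added example, not part of the original message: a small Python model of how Squid evaluates the http_access lines discussed above (lines are checked in file order, the first line whose ACLs all match decides, and when no line matches Squid applies the opposite of the last line's action). The port lists are simplified stand-ins for the stock Safe_ports and SSL_ports ACLs, and the request dictionaries and the `parse`/`decide` helpers are constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("10.1.1.0/24")
# ACL name -> test on a constructed request dict; port lists are trimmed (assumption).
ACLS = {
    "all":        lambda r: True,
    "internal":   lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "myclients":  lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "manager":    lambda r: r["proto"] == "cache_object",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in (80, 21, 443) or r["port"] >= 1025,
    "SSL_ports":  lambda r: r["port"] in (443, 563),
}

def parse(conf):
    """Return [(action, [terms])] for each http_access line, in file order."""
    lines = (l.split() for l in conf.splitlines())
    return [(w[1], w[2:]) for w in lines if w[:1] == ["http_access"]]

def decide(conf, req):
    """Return (action, index of deciding line or None) for one request."""
    rules = parse(conf)
    for i, (action, terms) in enumerate(rules):
        # A line matches only if every term matches; "!" negates a term.
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in terms):
            return action, i
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None

STOCK = """http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow myclients
http_access deny all
"""
TOP_FIRST = "http_access allow internal\nhttp_access deny all\n" + STOCK
ONLY_NEGATED = "http_access deny !internal\n"

# Constructed requests.
LAN_GET = {"src": "10.1.1.7", "port": 80, "method": "GET", "proto": "http"}
LAN_CONNECT_25 = dict(LAN_GET, port=25, method="CONNECT")
OUTSIDER = dict(LAN_GET, src="192.0.2.9")

if __name__ == "__main__":
    for name in ("STOCK", "TOP_FIRST", "ONLY_NEGATED"):
        for req in (LAN_GET, LAN_CONNECT_25, OUTSIDER):
            print(name, req["src"], req["method"], req["port"], decide(globals()[name], req))
```

In this model, placing `http_access allow internal` and `http_access deny all` at the top of the file means every request is decided by one of those two lines, so the later manager, Safe_ports and CONNECT lines are never reached for LAN clients.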
