[ILUG] Squid 2.3
Fergus Donohue
Fergus.Donohue at eolach.com
Wed Jul 11 09:54:55 IST 2001
Hi Niall,
If it's a serious squid box I'd suggest moving to 2.4, it's a lot more
stable. As for the ACLs this should explain it a bit better than
squid.conf.
http://squid.visolve.com/squid24s1/access_controls.htm

Now for the specific version:

acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
http_access allow manager localhost

This defines 2 ACLs, then allows access when both are satisfied (coming
from localhost for protocol cache_object). If you want to browse from
localhost you can just add in the following:

http_access allow localhost

Hope this clears it up,
Fergus.
Niall O Broin wrote:
>
> I'm in the process of upgrading my main box to SuSE 7.1 (yes, thank you, I
> know 7.2 is out now) and it's hurting my head in numerous ways. The latest
> is Squid. I've installed Squid 2.3 and have it pointing to my existing squid
> cache directory. I have a squid configuration file with acls defined like
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl localnet src 192.168.1.0/255.255.255.0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> and http_access rules like
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #
> http_access allow localnet
> http_access deny all
>
> yet it didn't allow access to the box it's running on. I fixed this by
> adding in a line with
>
> http_access allow localhost
>
> but why doesn't the line
>
> http_access allow manager localhost
>
> allow this ? Does that line mean
>
> allow access for protocol cache_object from source localhost
>
> or does it mean
>
> allow access for protocol cache_object, source localhost
>
> I seem to have very little squid documentation, and the sample configuration
> file says
>
> http_access allow|deny [!]aclname ...
>
> but there's no indication as to what the ellipsis means here - does it mean
> that access will be allowed/denied to a list of acls, or only to traffic
> matching all the acls specified. Does ... mean union or intersection in this
> case ? I'd normally take it to mean union, but in this case it seems to mean
> intersection.
>
> Regards,
>
> Niall
--
Eolach - Ireland's leading Open Source consultancy
email: info at eolach.com web: http://www.eolach.com
tel: (+353) 1 874 0510 fax: (+353) 1 874 0515
newsletter: http://www.eolach.com/open-source-news