squid and its config, a question
bobc at sfcei.com
Tue Mar 23 12:58:40 PST 2004
> Well, you're only matching "not-my-network". You should have
> more http_access commands, even by default. Show the rest of
> them. I think this would be more appropriate:
>
> http_access allow internal
> http_access deny all
>
> That would first let the right people surf, and then deny
> everything else.
> acl internal src 10.1.1.0/24
> http_access deny !internal

When you say "not-my-network" do you mean I defined my network, never
allowed my network and then denied everything but my network? If so, I have
effectively not allowed anything. No?

I am trying to get a better feel for the syntax, hence my above questions.
And again thanks for the patience.

Then perhaps with my notes to the right:

acl internal src 10.1.1.0/24 #defines my internal lan
http_access allow internal #allows the internal lan access
http_access deny all #denies all others

As you requested here are the additional http_access lines from much further
into the file.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl myclients src 10.1.1.0/24
http_access allow myclients
# And finally deny all other access to this proxy
http_access deny all
Would it be safe to drop the above 4 lines if I have already done such
things at the first of the file?
--Bob
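
Added example, not part of the original message: a small Python model of how Squid evaluates http_access lines (the first line whose ACLs all match wins; if none match, the opposite of the last line applies), run over the rule sets discussed in this thread. The port lists and the manager/localhost definitions are simplified assumptions standing in for the stock squid.conf ACLs, and the sample requests are constructed.

```python
import ipaddress

# "internal"/"myclients" come from the post; the other definitions are
# simplified, assumed stand-ins for the stock squid.conf ACLs.
LAN = ipaddress.ip_network("10.1.1.0/24")
ACLS = {
    "all":        lambda r: True,
    "internal":   lambda r: ipaddress.ip_address(r["src"]) in LAN,
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "manager":    lambda r: r["proto"] == "cache_object",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "SSL_ports":  lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in (21, 80, 443, 563) or r["port"] >= 1025,
}
ACLS["myclients"] = ACLS["internal"]

def parse(conf):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#")[0].split()
        if words[:1] == ["http_access"]:
            rules.append((words[1], words[2:]))
    return rules

def decide(conf, req):
    """First rule whose ACLs all match wins; otherwise invert the last rule."""
    rules = parse(conf)
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

DENY_ONLY = "http_access deny !internal"
STOCK = """http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow myclients
http_access deny all"""
TOP_FIRST = "http_access allow internal\nhttp_access deny all\n" + STOCK

# Constructed sample requests.
inside_get = {"src": "10.1.1.20", "method": "GET", "port": 80, "proto": "http"}
outside_get = dict(inside_get, src="192.0.2.7")
inside_connect = dict(inside_get, method="CONNECT", port=8080)

if __name__ == "__main__":
    for name, conf in [("deny-only", DENY_ONLY), ("stock", STOCK), ("top-first", TOP_FIRST)]:
        print(name, [decide(conf, r) for r in (inside_get, outside_get, inside_connect)])
```

In this model, putting "allow internal" and "deny all" at the top means the manager, Safe_ports and CONNECT checks further down are never reached, so a 10.1.1.0/24 client's CONNECT to port 8080 is allowed where the stock ordering denies it.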