Re: [squid-users] network blocking <-gettings stressed with it now

Please see Squid FAQ chapter 10 for a good description of how http_access
works.

Regards
Herik

On Tue, 3 Feb 2004, Chris Burton wrote:

> Hi All,
>
> im getting a bit stressed with squid now, finally got it all configured
> apart from one little bit, getting stuff banned by our internal IPs
>
> basicly as you can tell by our config file (pasted below) is that we
> pull a list of words that are "banned" from the file blocked, we would
> like todo the same but it containing certain internal IP address's for
> example
>
> 10.3.181.19 can see the internet
> 10.3.181.20 cant see the internet (and is in the network blocked file)
>
>
> iv tried everything i have seen on the mailing lists and squid's site
> but nothing works, maybe one of you could ammend the pasted bit below
> ;o)
>
>
> many many many many many many many many many many many many many many
> many many many many many many many many many many many many many many
> many many many many many many many many many many many many many many
> many many many many many many many many many many many many many many
> many many many many many many many Thanks
>
> Chris Burton
> --------------
> Linux Admin and Stress Head :o)
>
>
> http_port 8081
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> dns_nameservers 10.3.1.190 195.195.244.82
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl myBlocked url_regex -i "/etc/squid/blocked"
> http_access deny myBlocked
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access allow all
> http_access deny manager
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
>
> icp_access allow all
>
> tcp_outgoing_address 10.3.181.45
> visible_hostname noobler
>
>
> ************************************************** ********************
> This message is sent in confidence for the addressee
> only. It may contain confidential or sensitive
> information. The contents are not to be disclosed
> to anyone other than the addressee. Unauthorised
> recipients are requested to preserve this
> confidentiality and to advise us of any errors in
> transmission. Any views expressed in this message
> are solely the views of the individual and do not
> represent the views of the College. Nothing in this
> message should be construed as creating a contract.
> ************************************************** ********************
>