On Monday 04 August 2003 10.53, ads squid wrote:
> O.K.
> My acl and http_access are as below :
>
> acl STOP1 src 192.168.0.42
> acl WORKING time MTWHF 09:30-14:18
> acl SITE dstdomain www.xyz.com
> http_access deny STOP1 WORKING SITE
Looks fine.
If the above rule does not work, what do you get in access.log?
> acl localnet src 192.168.0.0/255.255.255.0
> acl localhost src 127.0.0.1/255.255.255.255
> http_access allow localnet
> http_access allow localhost
you still have not moved these down where they belong. Nothing beyond
this will be used until you move this down.
> acl Safe_ports port 80 443 210 119 70 20 21 1025-65535
> http_access deny !Safe_ports
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
> acl losers src 192.168.0.0/255.255.255.0
> acl 4CONN maxconn 4
> http_access deny 4CONN losers
> acl magic_words2 url_regex -i .mpeg .mpe .mpg .wav
> .mov
> acl day time MTWHF 07:00-23:00
> http_access deny CONNECT
The above mentioned rules should be here, just before "deny all".
> http_access deny all
> I want to give access to other IPs of network
> 192.168.0.0 to all.
> (OR Give access to 192.168.0.0-80. form 81 to 255 will
> be restricted access.)
You need to decide on one, and make the src acl correspondingly in
your corresponding allow rule.
> I want to deny access to not safe ports.
This you need to do before wher you allow access. You can not deny
what you have already allowed (or allow what you have already
denied).
> I want to delay access to "magic_words2" to 2000 Kbps.
See the delay_* directives.
Regards
Henrik
Received on Mon Aug 04 2003 - 03:12:21 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:34 MST