On Tue, 31 Aug 2004, André Füchsel wrote:
> hope, this question is not too basic. I dealt with ACLs quite a while now,
> but I cannot figure out, how to set up them correctly. Some help would be
> very much appreciated.
Start by reading and understanding the introduction section in Squid FAQ
Chapter 10 Access Controls, especially the part trying to explain how
http_access works.
> I want to use squid only as an accelerating proxy.
What you refer to by "only as an accelerating proxy"?
> It is placed in the DMZ and one should be able to connect both to its
> external address (xxx.yyy.zzz) and to its internal address
> (192.168.200.10). The accel_host itself is placed in the user LAN with
> 10.0.10.102. No other use of this squid installation should be allowed.
Ah, you are running a reverse proxy?
The access controls is then based on what destinations should be allowed
to access via Squid, not who may access it.
> For testing I set http_access allow all but this is obviously not correct. I
> then tried to define an acl MYLAN with 192.168.200.0-192.168.200.255 but it
> did not work.
Why not?
There is nothing wrong with such acl. But it is probably not needed in
your setup. The only reason for you to define a "mylan" acl is if users
from your lan should have different access to your web site than users
from the outside.
Regards
Henrik
Received on Tue Aug 31 2004 - 06:57:15 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Sep 01 2004 - 12:00:03 MDT