Re: [squid-users] Hole in my thinking - still

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 15 Jun 2007 12:30:38 +1200

Bobby wrote:
> On Thursday 14 June 2007 08:58:57 you wrote:
>> Bobby wrote:
>>> On Monday 11 June 2007 18:23:58 Henrik Nordstrom wrote:
>>>> Mon 2007-06-11 at 17:12 -0400, Bobby wrote:
>>>>> Hi,
>>>>>
>>>>> This is not resolving. Rather than debugging my setup please tell me
>>>>> how you would configure it.
>>>>>
>>>>> What I'm looking at is how do I specify different machines to be able
>>>>> to access only certain websites?
>>>>>
>>>>> Let's say,
>>>>> 172.16.10.16-31 are managers who can go anywhere and
>>>>> 172.16.10.96-254 are operators with limited access like only to
>>>>> .google.com and .paypal.com.
>>>> # Allow managers unrestricted access
>>>> acl managers src ...
>>>> http_access allow managers
>>>>
>>>> # Allow operators access to a restricted set of sites
>>>> acl operators src ...
>>>> acl operator_sites dstdomain .google.com .paypal.com
>>>> http_access allow operators operator_sites
>>>>
>>>> # And deny all other access
>>>> http_access deny all
>>> Those three dots should mean the IP's, right?
>>> Then not having anything after allow managers means "all"?
>> um, um, no,no,....
>> .... I think I finally see what's in your head.
>> You are thinking there are implicit defaults involved in each rule right?
>>
<snip>
>> Amos
>
> No I can't say that I did. :) What I did not know was that each IP needed the
> mask. I had the idea it would recognize a single IP as just one.

Ok, I may have misunderstood something somewhere myself.

IIRC what I pointed out was that '0.0.0.0' would not match any single
global IP squid is going to see (you originally had it in the list of
valid sources, I thought you meant 'all' by it).
No webserver would be serving on public IP 0.0.0.0 and no client would
be assigned public IP 0.0.0.0. Thus 0.0.0.0 is usually only mentioned with
/0 meaning all, useless otherwise. I mentioned nothing about the other
IPs (which might be just single global IPs).

Either masked or unmasked is correct for single IPs.
But never mind, later suggestions at configs are better than the initial
you started with anyway.

> My question
> here was based on the fact that you added three periods and I did not know if
> that had a specific meaning or you were indicating that I should replace them
> with whatever IP's I had.

Not mentioned by me, maybe Henrik, but I came to the same assumption
reading it.

Amos
Received on Thu Jun 14 2007 - 18:30:47 MDT
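
An added illustration, not part of the thread and not Squid's own code: a small Python model of how the http_access list quoted above is evaluated, with the "..." replaced by the address ranges from Bobby's question. ACL names on one line must all match, lines are tried top to bottom, and the first matching line decides; the tuple layout and function names are assumptions of this sketch.

```python
import ipaddress

# Constructed rule set: the quoted config with the example ranges filled in.
ACLS = {
    "managers": ("src", ("172.16.10.16", "172.16.10.31")),
    "operators": ("src", ("172.16.10.96", "172.16.10.254")),
    "operator_sites": ("dstdomain", (".google.com", ".paypal.com")),
    "all": ("src", ("0.0.0.0", "255.255.255.255")),  # i.e. 0.0.0.0/0
}
HTTP_ACCESS = [
    ("allow", ["managers"]),                     # no dst ACL named, so no dst test
    ("allow", ["operators", "operator_sites"]),  # both must match (AND)
    ("deny", ["all"]),
]

def acl_matches(name, client_ip, host):
    """Return True if the named ACL matches this request."""
    kind, value = ACLS[name]
    if kind == "src":
        lo, hi = (ipaddress.ip_address(v) for v in value)
        return lo <= ipaddress.ip_address(client_ip) <= hi
    # dstdomain: a leading dot matches the domain itself and its subdomains
    host = host.lower().rstrip(".")
    return any(
        host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
        for d in value
    )

def http_access(client_ip, host):
    """Walk the rules in order; the first line whose ACLs all match wins."""
    for action, acl_names in HTTP_ACCESS:
        if all(acl_matches(n, client_ip, host) for n in acl_names):
            return action
    # Nothing matched: Squid uses the opposite of the last line's action.
    return "deny" if HTTP_ACCESS[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip, host in [
        ("172.16.10.20", "example.org"),      # manager, any site
        ("172.16.10.100", "www.paypal.com"),  # operator, permitted site
        ("172.16.10.100", "example.org"),     # operator, other site
        ("172.16.10.50", "www.google.com"),   # address in neither range
    ]:
        print(ip, host, http_access(ip, host))
```

The manager line allows every destination only because it names no destination ACL, not because of an implicit default; the closing `deny all` is what rejects everything the earlier lines did not match.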
