monk, 12-07-2006, 12:49 AM

OK, here is the correct ACL for you:

Code:
# Matches every client; used by the final catch-all deny
acl all src 0.0.0.0/0.0.0.0

# Client networks
acl PrivateNet src 192.168.0.0/24 192.168.1.0/24
# Host ranges take a /32 mask; with /24 Squid masks both ends of the range down to 10.120.1.0
acl specific src 10.120.1.225-10.120.1.254/32
acl restnetwork src 10.120.1.1-10.120.1.224/32
# Blocked destination domains, read from the file
acl deniedsites dstdomain "/usr/local/squid/etc/denied-sites/restriction.acl"
# specific: no site restriction; restnetwork: everything except deniedsites
http_access allow specific
http_access allow restnetwork !deniedsites

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Cache manager only from the proxy host itself
http_access allow manager localhost
http_access deny manager

# No CONNECT tunnels to non-SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
# Everything not allowed above is refused
http_access deny all

Note how the rule is written:

http_access allow restnetwork !deniedsites

It means allow them to browse anything except sites specified in the deniedsites ACL. This is good for blocking illegal or porn sites. ! acts as not.
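Added example, not part of the original post: a small Python model of how Squid evaluates the three client-facing `http_access` lines above (first matching line wins, every ACL on a line must match, `!` negates). It treats `specific` and `restnetwork` as the host ranges written in the post; the `DENIED` entry is a constructed stand-in for the contents of `restriction.acl`, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the contents of restriction.acl (not from the post)
DENIED = [".blocked.example"]

def in_range(ip, lo, hi):
    """True if ip lies in the inclusive host range lo-hi."""
    a = ipaddress.ip_address
    return a(lo) <= a(ip) <= a(hi)

def dstdomain_match(host, patterns):
    """Squid dstdomain: '.d' matches d and its subdomains, 'd' matches d only."""
    host = host.lower().rstrip(".")
    for p in (p.lower() for p in patterns):
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False

# ACL names and address ranges as in the post
ACLS = {
    "specific": lambda r: in_range(r["src"], "10.120.1.225", "10.120.1.254"),
    "restnetwork": lambda r: in_range(r["src"], "10.120.1.1", "10.120.1.224"),
    "deniedsites": lambda r: dstdomain_match(r["host"], DENIED),
    "all": lambda r: True,
}

# The allow lines from the post plus the final catch-all, in file order
RULES = [
    ("allow", ["specific"]),
    ("allow", ["restnetwork", "!deniedsites"]),
    ("deny", ["all"]),
]

def http_access(req):
    """Return the action of the first line whose ACLs all match the request."""
    for action, terms in RULES:
        # A term matches when the ACL result differs from its '!' flag
        if all(ACLS[t.lstrip("!")](req) != t.startswith("!") for t in terms):
            return action
    return "deny"  # not reached here: 'deny all' always matches
```

A client in `PrivateNet` is denied in this model because the posted configuration defines that ACL but has no `http_access` line that uses it.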