On 06/27/2017 12:31 AM, Vieri wrote:
> http_access deny denied_restricted1_mimetypes_req
> !allowed_restricted1_domains !allowed_restricted1_ips
> http_reply_access deny denied_restricted1_mimetypes_rep
> !allowed_restricted1_domains !allowed_restricted1_ips
> http_access deny intercepted
Please bear with me because I still don't quite grasp the AND logic with ACLs.
Let's consider the logic "http_access deny (if) X (and) Y (and) Z" and the
following squid configuration section:
[squid.conf - start]
acl denied_restricted1_mimetypes_req req_mime_type -i
From: Amos Jeffries
>> I'd like to allow by default and deny only according to the ACLs I define.
>>
>> Here's an example with Telegram. I'd like to deny all
>> application/octet-stream mime types in requests
>> and replies except for a
On 26/06/17 20:46, Vieri wrote:
Hi,
I'd like to allow by default and deny only according to the ACLs I define.
Here's an example with Telegram. I'd like to deny all application/octet-stream
mime types in requests and replies except for a set of IP addresses or domains.
Er, deny is the
Hi,
I'd like to allow by default and deny only according to the ACLs I define.
Here's an example with Telegram. I'd like to deny all application/octet-stream
mime types in requests and replies except for a set of IP addresses or domains.
acl denied_restricted1_mimetypes_req req_mime_type -i
On 12/29/2016 10:44 PM, Amos Jeffries wrote:
> The intended design for ACLs is that basic/primitive tests check one
> piece of state data and get chained explicitly in the access lines for
> AND/OR conditions. That way it is clear what is being processed and
> matched (or not matched).
The
On 2016-12-31 10:58, Ivan Larionov wrote:
I'm a bit confused now. Examples from default config:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible
I'm a bit confused now. Examples from default config:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC
On 2016-12-29 21:01, Ivan Larionov wrote:
I see behavior change after update from squid 2.7 to 3.5:
I have following ACLs which I later use for cache_peer_access:
acl header req_header header_a -i true
acl header req_header header_b -i true
# name1 parent
cache_peer 127.0.0.1 parent 18070 0
I see behavior change after update from squid 2.7 to 3.5:
I have following ACLs which I later use for cache_peer_access:
acl header req_header header_a -i true
acl header req_header header_b -i true
# name1 parent
cache_peer 127.0.0.1 parent 18070 0 no-query no-digest name=name1
Dear, I need some clarifications about the AND operator in http_access (or
any other tokens using ACLs)
I cannot find what I've missed...
I need to ban some websites except for some specified users.
I create 2 acls:
acl MyAllowedU proxy_auth david jhon mirna
acl bannedw dstdomain .msn.com
On 19/02/2013 8:19 a.m., David Touzeau wrote:
Dear, I need some clarifications about the AND operator in
http_access (or any other tokens using ACLs)
I cannot find what I've missed...
I need to ban some websites except for some specified users.
I create 2 acls:
acl MyAllowedU proxy_auth
Hi everyone!
I need my squid to deal with some users in a different way. I'm
running kerberos authentication scheme, so only authenticated users can
access the cache. How could I make an ACL to group some authenticated
users in order to deny or allow some urls specific to them? But
notice this,
On 3/02/2012 7:41 a.m., Wladner Klimach wrote:
Hi everyone!
I need my squid to deal with some users in a different way. I'm
running kerberos authentication scheme, so only authenticated users can
access the cache. How could I make an ACL to group some authenticated
users in order to deny or
Looking for guidance on creating delay pools, something I've never done
before and because it's a production system, I'd like to minimize my
down time or the amount of time I'd be here if I have to come in on the
weekend to do it.
the intent is to limit bandwidth to a list of external
On 2/12/2011 5:43 a.m., Greg Whynott wrote:
Looking for guidance on creating delay pools, something I've never
done before and because it's a production system, I'd like to minimize
my down time or the amount of time I'd be here if I have to come in on
the weekend to do it.
It looks
Hi all...
I need help...
I would like to understand why squid refuses the SSL upload command using
'ldapauth'
Here are the debug events:
2011/05/19 12:39:17.931| httpParseInit: Request buffer is CONNECT
lennyleonard.wetransfer.com:443 HTTP/1.0
Host: lennyleonard.wetransfer.com:443
2011/05/19
On 20/05/11 01:27, David Touzeau wrote:
Hi all...
I need help...
I would like to understand why squid refuses the SSL upload command using
'ldapauth'
Here are the debug events:
2011/05/19 12:39:17.931| httpParseInit: Request buffer is CONNECT
lennyleonard.wetransfer.com:443 HTTP/1.0
Host:
Hi, I'm a basic (basic basic as gwbasic) configurator of squid, and I need
to deny facebook to some users on my network.
I think
deny1.txt (content)
.facebook.com
.fbcdn.net
acl denied1 dstdomain /usr/local/etc/squid/deny1.txt
How do I apply this to only one IP? (for example 192.168.5.60)
Correct, just when you need to restrict a particular IP, you need a
second ACL to match it, and stack the http_access deny line. ie:
acl denied_ip src 192.168.5.60
http_access deny denied1 denied_ip
FYI, Facebook added another domain recently, so you may want to add it.
I don't recall what it
On Wed, 13 Apr 2011 10:37:12 -0300, Soporte Técnico wrote:
Hi, I'm a basic (basic basic as gwbasic) configurator of squid, and I
need
to deny facebook to some users on my network.
I think
deny1.txt (content)
.facebook.com
.fbcdn.net
acl denied1 dstdomain "/usr/local/etc/squid/deny1.txt"
how
Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 09/11/10 20:25, Edmonds Namasenda wrote:
Dear all.
Using openSuse 11.2 and Squid 3.0 Stable 18
Besides commenting out
yay! :)
On 11/11/10 23:39, Edmonds Namasenda wrote:
Much appreciated for the previous help.
Some more clarification on the in-line requests below.
On Wed, Nov 10, 2010 at 2:38 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 09/11/10 20:25, Edmonds Namasenda wrote:
Dear all.
Using openSuse
Yeah, I guess I am getting there.
Please look in-line...
How do I enforce password authentication ONLY ONCE for users to
What do you mean by ONLY ONCE? A user can be authenticated or not, there is
no multiple about it.
No continuous authentication required with every URL accessed or
On 12/11/10 01:22, Edmonds Namasenda wrote:
Yeah, I guess I am getting there.
Please look in-line...
How do I enforce password authentication ONLY ONCE for users to
What do you mean by ONLY ONCE? A user can be authenticated or not, there is
no multiple about it.
No continuous
Thank you all.
On Thu, Nov 11, 2010 at 4:19 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 12/11/10 01:22, Edmonds Namasenda wrote:
No continuous authentication required with every URL accessed or
re-directions once the first log-in is accepted.
Understood. That is not possible.
HTTP is
Amos, thank you for the responses always.
On Thu, Nov 11, 2010 at 6:56 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 12/11/10 04:08, Edmonds Namasenda wrote:
I believe I am a better squid administrator than when I joined. Throw me a
bone!
Switch users with browsers and you have it
On 12/11/10 18:18, Edmonds Namasenda wrote:
Amos, thank you for the responses always.
On Thu, Nov 11, 2010 at 6:56 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 12/11/10 04:08, Edmonds Namasenda wrote:
I believe I am a better squid administrator than when I joined. Throw me a bone!
FWIW: this is all covered in details in the wiki:
http://wiki.squid-cache.org/Features/Authentication
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
Hello,
I've been given a homework connected with ACLs in Squid. Unfortunately
there is no way to simulate the environment so I wrote acl rules off
the top of my head. So please, check it.
Probably there is a mistake in the scenario. Designers and programmers
are in the same subnet and they should
Hello,
I've been given a homework connected to ACLs in Squid. Unfortunately
there is no way to simulate the environment so I wrote acl rules off
the top of my head. So please, check it.
Probably there is a mistake in the scenario. Designers and programmers
are in the same subnet and they should
Hello,
I cannot upload my post because Security System detected prohibited
content in my mail (probably urls of denied websites in ACL), so I'm
giving a link to txt file:
Description of my problem is here: http://www.partyinfo.com.pl/aatempaa/acl.txt
Please, help
Dylan Palmboom wrote:
Hi
I have searched all over for an answer to this but could not find
anything...
Please could someone explain to me what the best practice is when it comes
to
blocking ip addresses in a dhcp environment. If I block an ip address with
eg.
acl BlockedHost src 192.168.1.15
On 02.04.09 03:00, Merdouille wrote:
I use a transparent squid proxy and I want:
- access as manager with squidclient from localhost only
- allow only computers from localhost to go everywhere
My ACLs :
#== ACL
# nom type
acl allsrc
Merdouille wrote:
I used :
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
I try to add deny_info options :
deny_info TCP_RESET !manager !localhost
deny_info TCP_RESET !localnet
deny_info
I know it's a strange config!
We have a few webservers with huge charge and those servers need files from
other companies.
This squid instance will cache those files.
For TCP_RESET, it may be bad for our server!
But it'll be useful for other instances of squid I need.
I write init.d scripts
Merdouille wrote:
Hi
I use a transparent squid proxy and I want:
- access as manager with squidclient from localhost only
== http_access allow manager localhost
- allow only computers from localhost to go everywhere
== http_access allow localhost
These ACL you ask about are the
I used :
http_access allow manager localhost
http_access allow localnet PROTO METHOD
http_access deny all !port
I try to add deny_info options :
deny_info TCP_RESET !manager !localhost
deny_info TCP_RESET !localnet
deny_info TCP_RESET
After much fussing, I seem to have a working Squid 2.6 working against
a Samba 3 PDC.
My only question is now, can I say, ok, if it finds my username, give
it complete access.
Then perhaps, if it sees a user, bob perhaps, then it says, only give
them windowsupdate.microsoft.com.
Then if it sees
Adam McCarthy escreveu:
After much fussing, I seem to have a working Squid 2.6 working against
a Samba 3 PDC.
My only question is now, can I say, ok, if it finds my username, give
it complete access.
Then perhaps, if it sees a user, bob perhaps, then it says, only give
them
this is my config
hepworth squid # grep ^acl /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
snip
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth
acl emma proxy_auth
acl QUERY
mån 2008-03-31 klockan 22:13 +0100 skrev paul cooper:
this is my config
hepworth squid # grep ^acl /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
snip
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method
On Tue, 2008-03-25 at 15:07 +, paul cooper wrote:
so is what i want to do actually possible ?
unixlogin emma logged into VT7
unixlogin andrew - VT8
web page request from either - squid requests login
For trusted stations you can make use of the ident service to tell Squid
which user
paul cooper wrote:
There is something in all this I really am not understanding. Sorry to be
so stupid.
AIUI now, it looks at the ACLs and processes them until it finds one that
matches, and then it stops matching them and allows access. It will only
deny a page when it has processed all the
so is what i want to do actually possible ?
unixlogin emma logged into VT7
unixlogin andrew - VT8
web page request from either - squid requests login
if its emma !testing - access denied
if its emma testing - access allowed
switch to VT8 ( andrews desktop)
web page request - squid requests
Hi,
On Tue, Mar 25, paul cooper wrote:
so is this login stored in the cache somewhere ?
I need to flush the cache when i change user ?
squid caches the authentication results, I think the default is 2h.
Please have a look for the keywords in your default squid.conf:
max_user_ip and
paul cooper wrote:
so is what i want to do actually possible ?
If I understand your intentions correctly yes it is:
http_access deny !Safe_ports
http_access emma weekends
http_access andrew
http_access deny
non-safe port access denied
emma only logging in on weekends, not accepted
There is something in all this I really am not understanding. Sorry to be
so stupid.
AIUI now, it looks at the ACLs and processes them until it finds one that
matches, and then it stops matching them and allows access. It will only
deny a page when it has processed all the ACLs and NOT found a
4 users , 1 machine, with squid running and a GUI
I'm having problems getting the time-based ACLs sorted. To test it I've
added a sat/sun ACL which should allow access between 08:00 and 10:00
Config 1
hepworth emma # cat /etc/squid/squid.conf |grep ^acl
acl all src 0.0.0.0/0.0.0.0
acl
paul cooper wrote:
4 users , 1 machine, with squid running and a GUI
I'm having problems getting the time-based ACLs sorted. To test it I've
added a sat/sun ACL which should allow access between 08:00 and 10:00
Your time ACL appears to be working. It's your usage of http_access
that's
Hello,
I've upgraded my squid 2.6 STABLE18 to Squid 3 on FreeBSD 7.0.
Apparently, the http_access rules are not processed in proper order anymore
in Squid 3.
I have a couple of acls:
acl PROXYUSERS proxy_auth REQUIRED
acl XYZ dst XXX.YYY.AAA.BBB
acl FREE src /squid/etc/IPS.free # IPs that shouldn't
Or any other external source for that matter. I'm looking for the ability
to *define* ACLs dynamically, not just statically reference a dynamic list
of urls (for example).
This is to allow on-the-fly creation of groups, and new policies that
apply to those groups, without editing squid.conf and
[EMAIL PROTECTED] wrote:
Or any other external source for that matter. I'm looking for the ability
to *define* ACLs dynamically, not just statically reference a dynamic list
of urls (for example).
This is to allow on-the-fly creation of groups, and new policies that
apply to those groups,
I've recently installed a Squid 2.6STABLE16 system in a country that
requires all web browsing to go through a government-specified proxy
server. The Government runs a non-transparent proxy setup that must be
explicitly listed in the Squid configuration.
That would normally be easy, as all I'd
I've recently installed a Squid 2.6STABLE16 system in a country that
requires all web browsing to go through a government-specified proxy
server. The Government runs a non-transparent proxy setup that must be
explicitly listed in the Squid configuration.
That would normally be easy, as all
When I said 192.168.X.X, I meant to control machines with
IP addresses from 192.168.0.1 to 192.168.255.254.
I am grateful to Diego Woitasen, who said to me:
acl myclients src 192.168.0.0/16 or 255.255.0.0
http_access allow myclients
Is it correct?
Thanks.
Hi,
If I want to define an ACL to permit access to all users of
192.168.X.X 255.255.255.0
acl myclients src 192.168.0.0/24
http_access allow myclients
Are the commands above ok?
Thanks. Bye.
No
That will allow access for the 192.168.0.x network.
192.168.0.0 / 16 will work for the class B
-Original Message-
From: Josep Girbés [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 August 2005 10:24 a.m.
To: squid-users@squid-cache.org
Subject: [squid-users] ACLs
Hi,
If I want
If I want to define an ACL to permit access to all
users of
192.168.X.X 255.255.255.0
http_access allow myclients
Yes. IF you want to control machines with ip-address
from 192.168.0.1 to 192.168.0.255.
acl myclients src 192.168.0.0/24
http_access allow myclients
or
On Sun, 20 Feb 2005 07:18 am, [EMAIL PROTECTED] wrote:
If I place my ACL definitions in a text file, and add URLs to the file
during working hours, is it sufficient to just save the file for the new
URLs to be allowed, or is it necessary to do something like rotating logs
or restarting Squid?
On Tue, 22 Feb 2005, James Gray wrote:
Henrik: is there a major difference between sending a HUP signal or using -k
reconfigure ???
None really.
With -k you don't need to figure out which pid to send the signal to as
Squid does this for you..
Regards
Henrik
[EMAIL PROTECTED] said:
If I place my ACL definitions in a text file, and add URLs to the file
during working hours,
is it sufficient to just save the file for the new URLs to be allowed, or
is it necessary to
do something like rotating logs or restarting Squid?
sbin/squid -k reconfigure
If I place my ACL definitions in a text file, and add URLs to the file during
working hours,
is it sufficient to just save the file for the new URLs to be allowed, or is it
necessary to
do something like rotating logs or restarting Squid?
On Mon, 12 Jul 2004, Boniforti Flavio wrote:
I was actually thinking to place the RegEx filters (with which I use to
filter out multimedia/streaming content) in squid.conf, instead of using
them with squidguard... What do you think of this? I mean: I actually
should allow *some* people to
Hello all!
I was reviewing my squid setup after several months of nice activity,
when I stumbled over some ACLs I've defined long time ago.
I noticed also that I'm using squidguard integrated with squid to filter
off some multimedia content with regular expressions.
Now, what I'd like to know
computer terminals
are being used for what the intended purpose, and clients can't go to bad
types of sites with them.
Good luck
Angela
-Original Message-
From: Boniforti Flavio [mailto:[EMAIL PROTECTED]
Sent: July 12, 2004 10:19 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] ACLs
Angela Burrell ha scritto:
Squidguard, as far as I know, is still being updated, but there is no mailing
list for it. I use squidGuard and I like it. Squid ACLs might be fine for
you, it depends on what your needs are.
I was actually thinking to place the RegEx filters (with which I use to
filter
On Mon, 2004-07-12 at 10:59, Angela Burrell wrote:
Squidguard, as far as I know, is still being updated, but there is no mailing
list for it.
There have been no formal updates since Dec 2001. There may be lots of
informal patches out there though.
List is very low volume. List and archives are
it was last updated.
--Angela
-Original Message-
From: Boniforti Flavio [mailto:[EMAIL PROTECTED]
Sent: July 12, 2004 11:14 AM
To: Angela Burrell
Cc: squid users
Subject: Re: [squid-users] ACLs and squidGuard!?
Angela Burrell ha scritto:
Squidguard, as far as I know, is still being updated
On Tue, 13 Apr 2004, Santiago Montalvan wrote:
I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2,
128MB of RAM, and a 15.7GB HD. That said I believe I can move on and
address some of the questions I have.
1) I would like to change the error messages to show the
I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2,
128MB of RAM, and a 15.7GB HD. That said I believe I can move on and
address some of the questions I have.
1) I would like to change the error messages to show the actual time and not
the GMT time but I cannot find how
allow !porn !porn1
no_cache deny all
Again, I am not sure if the above is correct.
Thanks,
Santiago.
Sent: Tuesday, April 13, 2004 8:28 PM
To: [EMAIL PROTECTED]
Subject: [squid-users] ACLs + Some Questions
I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2,
128MB
Hi all !!
How can I know which ACL is allowing or denying access to a site
(without increasing the log level and looking for it in the cache.log)
Is there any command line utility to do that?
Thanks
Diego
On Tue, 24 Feb 2004, galle wrote:
Hi all !!
How can I know which ACL is allowing or denying access to a site
(without increasing the log level and looking for it in the cache.log)
Not easy, but you could use deny_info returning different messages
depending on the acl.
Is there any
I am using squid version 2.5.STABLE1-2 on RedHat
Linux 9.0 with smb_auth as an authenticating agent for
a Windows domain. I have two distinct groups of
users: Those who are allowed to access most web
sites and those who can access only a limited number
of selected sites (using a list that
On Mon, 19 Jan 2004, Sylvester Manx wrote:
1. How can I design ACLs that allow users within
these two groups to be recognized by squid and
You have two options
a) Define the groups explicitly by listing the user names in proxy_auth
acls, either directly in squid.conf or in an included flat
Hi all,
1)
I have a number of files that are my blacklist.
acl blacklist url_regex -i /etc/squid/block/blacklist1
acl blacklist url_regex -i /etc/squid/block/blacklist2
Does squid search each file, in the order above,
trying to match the request? Or it reads the files
once at startup and make
On Thursday 31 July 2003 21.08, Fernando Maior wrote:
acl blacklist url_regex -i /etc/squid/block/blacklist1
acl blacklist url_regex -i /etc/squid/block/blacklist2
Does squid search each file, in the order above,
trying to match the request? Or it reads the files
once at startup and make
hello,
I have implemented ACLs to restrict some users from browsing at specified
times... guess what, some users are changing their IP addresses and
browse...
Is there a way squid can handle this?
Frank
You asked this question earlier; you don't need to post it again.
Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
I have implemented ACLs to restrict some users from browsing
at specified times... guess what, some users are changing
their IP addresses and browse... Is there a way squid can handle
this?
You could try using authentication, and then use the username
instead of the IP address as the basis for
fre 2003-07-25 klockan 13.55 skrev Frank Chibesakunda:
hello,
I have implemented ACLs to restrict some users from browsing at specified
times... guess what, some users are changing their IP addresses and
browse...
Is there a way squid can handle this?
Yes, by using authentication rather
I think this message didn't go to the list. Here it is...
-
Hello,
Sometimes I get an URL that is being blocked by squid. Since I have lots
of ACLs, to discover which one is blocking, I have to set DEBUG on squid,
reconfigure, test, and quickly back DEBUG on squid.conf to normal operation
(I
G'day,
I am using an external auth program to authenticate users, which is
working correctly, with RedHat 9.0 and 2.5.STABLE1.
I have a strange situation, where the acls are working as designed, and
the http_access rules are denying and allowing as requested, but instead
of displaying an error
On Wednesday 28 May 2003 04.57, Josh Dixon wrote:
I have a strange situation, where the acls are working as designed,
and the http_access rules are denying and allowing as requested,
but instead of displaying an error page to the browser, it prompts
the user for their username password.
87 matches