François Boisson a écrit :
Le Sat, 17 Feb 2007 12:50:14 +0100
david_Pailler <[EMAIL PROTECTED]> a écrit:
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
voila
et j'ai rajouté
acl localnet src 192.168.0.0/255.255.255.0
et
http_access allow localnet
avant
deny all
essayes en mettant
acl mesmachines src 192.168.0.1-192.168.0.254
(en dessous de la ligne
acl localhost src 127.0.0.1/255.255.255.255)
et rajoute
http_access allow mesmachines
vers le début. Pour être sur que c'est ça, essaye en mettant tout
d'abord
http_access allow all
au tout début des règles http_access...
Pas de changement.
bon voila le fichier squid.conf dans son intégralité (désolé ...!)
[options...]
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# OPTIONS WHICH AFFECT THE CACHE SIZE
#
-----------------------------------------------------------------------------
# auth_param digest program /usr/lib/squid/digest_auth_pw
/usr/etc/digpass
#
#
#
# By default, the ntlm authentication scheme is not used unless a
# program is specified.
#
# Note: If you're using Samba >= 3.0.2, please install the winbind
# package and use the ntlm_auth helper from that package.
#
# auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
#
# "children" numberofchildren
# The number of authenticator processes to spawn (no default). If you
# start too few Squid will have to wait for them to process a backlog
# of credential verifications, slowing it down. When crendential
# verifications are done via a (slow) network you are likely to need
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl mesmachines src 192.168.0.1-192.168.0.254
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
redirect_program /usr/bin/squidGuard
redirect_children 10
# Only allow cachemgr access from localhost
http_access allow all
http_access allow mesmachines
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
#http_access allow our_networks
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
#
#Allow ICP queries from everyone
icp_access allow all
--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.net/?DebianFrench
Vous pouvez aussi ajouter le mot ``spam'' dans vos champs "From" et
"Reply-To:"
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
