> I run squid on my PC, which acts as a gateway, and also run a webserver on it.
> After I had problems with ipchains rules for restricting my PC on the network,
> I'm using ACLs for restricting. But right now my webserver is locked and can't
> be accessed from outside. Did I make a mistake in squid.conf?

Let's look into the squid.conf.

> and I also need an example
> acl to block some sites that contain xxx, porn, babes etc.

Create an acl with dstdom_regex as

acl blocksite dstdom_regex -i xxx porn babes

where -i is used to ignore uppercase/lowercase distinctions during comparisons.

> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl ictnetwork src 192.168.2.2 192.168.2.3 192.168.2.4 192.168.2.5
> 192.168.2.29 192.168.2.30
> acl amcorpc src 192.168.2.21 192.168.2.22 192.168.2.23 192.168.2.24

If you use the src acl, use the netmask with the IP address. We can use the limit of IP addresses in your situation, like

acl ictnetwork src 192.168.2.2-192.168.2.5/32 192.168.2.29-192.168.2.30/32
acl amcorpc src 192.168.2.21-192.168.2.24/32

> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80
> acl Safe_ports port 21
> acl Safe_ports port 443 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT

These are all default settings.

> acl local dstdomain "allowedhost"
> acl localip dst "allowedip"

What are the contents of the allowedhost and allowedip files, and their locations?

> acl ebsco dstdom_regex epnet.com

If you want to set the acl for the *.epnet.com domain, use dstdomain itself, as

acl ebsco dstdomain .epnet.com

> http_access allow manager localhost
> http_access allow ictnetwork
> http_access allow amcorpc local
> http_access allow amcorpc localip
> http_access allow amcorpc ebsco
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
>

What is your requirement for setting the http_access? It is good to validate your settings.

Regards,
Muthukumar.
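
Added example, not part of the original message: a small Python model of how Squid walks the posted http_access lines (first matching line wins; ACLs on one line are ANDed), useful for validating the rule set before loading it. It assumes plain HTTP GET requests to port 80, so the manager, Safe_ports and CONNECT lines never match and are left out; the localip line is omitted and the "allowedhost" entry is a constructed placeholder, since neither file's contents are on the page.

```python
import ipaddress

# src ACLs as inclusive address ranges, taken from the posted squid.conf.
SRC = {
    "ictnetwork": [("192.168.2.2", "192.168.2.5"), ("192.168.2.29", "192.168.2.30")],
    "amcorpc": [("192.168.2.21", "192.168.2.24")],
    "localhost": [("127.0.0.1", "127.0.0.1")],
    "all": [("0.0.0.0", "255.255.255.255")],
}
# dstdomain ACLs. ".intranet.example" is a constructed stand-in for "allowedhost".
DSTDOMAIN = {"ebsco": [".epnet.com"], "local": [".intranet.example"]}

# http_access lines in the posted order (see the assumptions in the lead-in).
RULES = [
    ("allow", ["ictnetwork"]),
    ("allow", ["amcorpc", "local"]),
    ("allow", ["amcorpc", "ebsco"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]

def domain_matches(host, pattern):
    """dstdomain semantics: a leading dot matches the domain and its subdomains."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def acl_matches(name, client, host):
    """Values inside one ACL are ORed together."""
    if name in SRC:
        ip = ipaddress.ip_address(client)
        return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
                   for lo, hi in SRC[name])
    return any(domain_matches(host, d) for d in DSTDOMAIN[name])

def http_access(client, host):
    """Return (action, rule_number) for the first line whose ACLs all match."""
    for number, (action, acls) in enumerate(RULES, 1):
        if all(acl_matches(a, client, host) for a in acls):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    for client, host in [("192.168.2.3", "www.example.org"),
                         ("192.168.2.22", "search.epnet.com"),
                         ("192.168.2.22", "www.example.org"),
                         ("203.0.113.10", "search.epnet.com")]:
        print(client, host, http_access(client, host))
```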
