On Tuesday 20 December 2005 12:17, M.K. tenNapel wrote:
> My boss asked me to put all network IPs into certain groups
> and that determine the access each group should be allowed to have.
> The problem is that this list is rather large. I could just place
> all IPs on 1 line in /etc/squid/squid.conf, like this:
>
> acl Group_MaxAllowed src 192.168.1.5 192.168.1.6 192.168.1.7 etc etc
>
> but this would make my configuration file messy and difficult to
> maintain. So I tried this:
>
> acl Group_MaxAllowed src 192.168.1.5 #Da Boss
> 192.168.1.6 #My IP
> 192.168.1.7 # Some other IP
>
> But squid did not like that. I even tried to put all the IPs that should
> be in that specific group into a textfile and put something like this in
> squid.conf:
>
> acl Group_MaxAllowed url_regex "/path/to/ip-list"
> acl Group_MaxAllowed src_regex "/path/to/ip-list"
>
> But Squid didn't like that either. So, could someone give me some
> examples to do this as efficient and nice as possible?

The mistakes in the above example:

- you redefine the Group_MaxAllowed (ACLs need unique names)
- you don't use the ACLs (in a "http_access" statement)
- URLs and Source-IPs are different types
- you refer to the same files for IPs and URLs

So a (hopefully) working example for your case:

====
acl Src_MaxAllowed src "/path/to/ip-list"
acl Url_MaxAllowed url_regex "/path/to/url-list"
http_access allow Src_MaxAllowed Url_MaxAllowed
http_access deny all
====

ip-list:
====
192.168.1.0/24
10.0.0.154
10.5.1.58
====

url-list:
====
^http://www\.vivisimo\.com/
^http://www\.google\.com/
====

Please read about how ACLs work in the documentation. And my favorite
wiki link: http://workaround.org/moin/HowSquidAclsWork

Instead of "url_regex" you should check if a "dstdomain" type ACL is
suited better.

 Christoph
-- 
~
~
".signature" [Modified] 2 lines --100%--                2,41         All
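
A small linter for the mistakes listed in the reply above, as an added example that is not part of the original message or of Squid: it flags an ACL name reused with a different type, ACLs never referenced by http_access, one file loaded by ACLs of different types, and an http_access line that names no ACL. The function name lint_squid_acls and both sample configurations are constructed for illustration; quoted file paths containing spaces are assumed not to occur.

```python
from collections import defaultdict

# Constructed samples: the attempt quoted in the question, and a corrected layout.
BROKEN = (
    'acl Group_MaxAllowed url_regex "/path/to/ip-list"\n'
    'acl Group_MaxAllowed src_regex "/path/to/ip-list"\n'
)
FIXED = (
    'acl Src_MaxAllowed src "/path/to/ip-list"\n'
    'acl Url_MaxAllowed url_regex "/path/to/url-list"\n'
    'http_access allow Src_MaxAllowed Url_MaxAllowed\n'
    'http_access deny all\n'
)

def lint_squid_acls(conf_text):
    """Return findings for the ACL mistakes discussed in the thread."""
    types = {}                  # ACL name -> first declared type
    files = defaultdict(set)    # quoted file path -> ACL types that load it
    used, findings = set(), []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):   # blank or whole-line comment
            continue
        if tok[0] == "acl" and len(tok) >= 3:
            name, kind = tok[1], tok[2]
            if types.setdefault(name, kind) != kind:
                findings.append(
                    f"line {n}: acl {name} redefined as {kind}, was {types[name]}")
            for value in tok[3:]:
                if len(value) > 1 and value[0] == value[-1] == '"':
                    files[value.strip('"')].add(kind)
        elif tok[0] == "http_access":
            names = [t.lstrip("!") for t in tok[2:]]   # "!acl" negates a match
            if not names:
                findings.append(f"line {n}: http_access has no ACL to match")
            used.update(names)
    for name in sorted(set(types) - used):
        findings.append(f"acl {name} is never used in http_access")
    for path, kinds in sorted(files.items()):
        if len(kinds) > 1:
            findings.append(f"{path} is loaded as {' and '.join(sorted(kinds))}")
    return findings

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_squid_acls(conf) or "no findings")
```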