Search squid archive

RE: ACL lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Saul,

It works a treat mate and thanks again for a quick response.

Regards,

Garry Chapple

-----Original Message-----
From: saul waizer [mailto:swaizer@xxxxxxxxxxx] 
Sent: Wednesday, 12 March 2008 5:24 AM
To: squid-users@xxxxxxxxxxxxxxx
Cc: Garry D. Chapple
Subject: RE:  ACL lists

Garry,

Here are some examples I prepared for you:

acl badguys src 6.0.0.0/8
acl badguys2 src 2.0.0.0/8
acl intruder src 10.10.10.16
acl workstation src 10.10.10.19
acl our_networks src 192.168.1.0/24



http_access deny badguys
http_access deny badguys2
http_access deny intruder
http_access allow workstation
http_access allow our_networks

http_access deny all


Brief explanation on these ACL's:

I use a general acl called badguys to prevent access from an entire
network
class, I.E. someone doing a DoS attack on your network from multiple
IP's on
the same class.

Intruder: A kid with a script trying to use your squid coming from the
same
ip (Your question about deny a single host)

The rest is self explanatory, you can call the acl's whatever you want.

After an acl you must have a rule matching the ACL name, so here is
where
you either allow or deny access based on your ACL's, see the http_access
"allow or deny" above.

Last, but also the most important, at the end of all your ACL's put
"http_access deny all" so you can secure your installation based on your
newly created ACL's

Hope it helps
Saul Waizer




-----Original Message-----
From: Garry D. Chapple [mailto:garryc@xxxxxxxxxxxxxxxx] 
Sent: Monday, March 10, 2008 8:27 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject:  ACL lists

Hi,

I am a complete Squid newb with my first install done only yesterday,
2.6 stable(18). Can someone please help with basic ACL config for
network IP's, I would like to allow my local network and restrict just
one or two hosts by IP address. I have Googled a little but as there are
so many ACL configurations it's difficult to know which one works!

Squid is up and running well and I have an ACL to allow my local network
(acl our_networks src 192.168.1.0/24) but how do I then deny access to
just a single host IP? Any examples or good web sites with these kinds
of examples would be much appreciated.

Regards,

Garry C

No virus found in this incoming message.
Checked by AVG. 
Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date:
3/11/2008
1:41 PM
 

No virus found in this outgoing message.
Checked by AVG. 
Version: 7.5.518 / Virus Database: 269.21.7/1325 - Release Date:
3/11/2008
1:41 PM
 



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux