Re: Squid Multiple ACL

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

ScarEye wrote:
> Squid is installed on an embedded device, With 16MB of RAM and 8MB of PROM it
> would fill up within a few seconds. 

Cool.
  One of my long- to medium-term objectives is to make it easy to build 
a slimline Squid for these types of environment.  Are you able to share 
the build options and patches you used to get Squid to run in less than 
16MB of RAM?

> We have this one computer that needs access to 3 websites that I don't want
> 192.168.1.2-192.168.1.10 to have access to. The IP of that device will be
> 192.168.1.60 how would I create a seperate ACL for that device that won't
> interfere with 192.168.1.2-192.168.1.10.

acl specialWebsite dstdomain .website.example.com
acl specialSrc src 192.168.1.60

adding:
  http_access allow specialSrc specialWebsites
  http_access deny specialWebsites

above the "# users"  part of your config.

Amos

> Thanks for your time
>
> ScarEye
>
>
>
> Amos Jeffries-2 wrote:
> > So....
> >
> > On Tue, 15 Sep 2009 10:39:11 -0700 (PDT), ScarEye <scareye@xxxxxxxxx>
> > wrote:
> > > #Squid Config Stuff
> > > cache_access_log none
> > > cache_store_log none
> > > cache_log /dev/null
> > That log is where you find out what critical and important system errors
> > are happening.
> > So you as administrator can fix them.
> >
> > > cache_effective_user nobody
> > > cache_dir null /dev/null
> > > http_port 3128 transparent
> > > pid_filename /var/run/squid.pid
> > > visible_hostname router
> > > # Supervisors With Unlimited Access
> > > ## Match by MAC 
> > > acl supmac arp "/etc/mac.txt"
> > > http_access allow supmac 
> > > http_reply_access allow supmac
> > > ## Match By IP 
> > > acl supip src "/etc/supip.txt"
> > > http_access allow supip 
> > > http_reply_access allow supip
> > > # users
> > > acl users src 192.168.1.2-192.168.1.10
> > > acl allowedsites dstdomain "/etc/squid/acl/acl"
> > > http_access allow allowedsites users
> > > http_access deny !allowedsites users
> > > deny_info http://www.my-site.com/ users
> > > http_reply_access allow users
> > > # Safe Ports
> > > acl Safe_ports port 80 21 443 563 70 210 1025-65535
> > > http_access deny !Safe_ports
> > > # Not Safe Ports
> > > acl Dangerous_ports port 7 9 19 22 23 25 53 109 110 119
> > > http_access deny Dangerous_ports
> > > # Anyone Not Already Matched
> > > acl all src 0.0.0.0/0.0.0.0
> > > http_access deny all
> > >
> > > So the above rules work perfectly, they do exactly I need for it to do.
> > > Now,
> > > what I need to do is the following.
> > >
> > > Add a rule to allow an IP 192.168.1.60 to look at a different acl. Like
> > > acl2
> > > or something.
> > ... huh?
> >
> >
> >
> > Amos


--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13