HPE Community
Operating System - Linux
1820483 Members
2669 Online
109624 Solutions
New Discussion юеВ

squid acl - plz help

 
SOLVED
Go to solution
Maaz
Valued Contributor

тАО10-06-2006 06:56 AM

тАО10-06-2006 06:56 AM

squid acl - plz help

acl mynet src 192.168.1.0/24
httpd_access allow mynet

Now I have to deny 192.168.1.13-34 and 192.168.40-71. Right now I have done the following
acl mynet src 192.168.1.0/24

acl pc13 src 192.168.1.13/32
.
.
.
acl pc13 src 192.168.1.34/32
acl pc13 src 192.168.1.40/32
.
.
.
acl pc13 src 192.168.1.71/32



httpd_access deny pc13
.
.
httpd_access deny pc34
.
.
httpd_access deny pc71
httpd_access allow mynet

Any better approach/suggestion/efficient way to acheive the target ? plz share

Regards
Maaz
0 Kudos
Reply
5 REPLIES 5
Maaz
Valued Contributor

тАО10-06-2006 07:03 AM

тАО10-06-2006 07:03 AM

Re: squid acl - plz help

I made mistake in previous post, following are the correct acls.
acl pc13 src 192.168.1.13/32
.
.
.
acl pc34 src 192.168.1.34/32
acl pc40 src 192.168.1.40/32
.
.
.
acl pc71 src 192.168.1.71/32

Thanks
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО10-06-2006 07:16 AM

тАО10-06-2006 07:16 AM

Re: squid acl - plz help

This will also work:
acl mynet src 192.168.1.0/24
acl bad_pc src 192.168.1.34 192.168.1.40 192.168.1.71
httpd_access deny bad_pc
httpd_access allow mynet

you can get more info here:
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-07-2006 06:01 AM

тАО10-07-2006 06:01 AM

Re: squid acl - plz help

Shalom Maaz,

You configuration is fine, don't forget to test it to make sure it denies and allows as you think it should.

Even after sucessfully making this work for RHCE class I'm not a big fan of this tool. I suppose its useful to improve access speeds by caching content.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Maaz
Valued Contributor

тАО10-12-2006 02:34 AM

тАО10-12-2006 02:34 AM

Re: squid acl - plz help

Thanks Alexander and SEP, and sorry for late ack.

>acl bad_pc src 192.168.1.34 192.168.1.40 192.168.1.71
>httpd_access deny bad_pc
Alexander, this will only blck 3 machines i.e 34, 40, and 71. I need to deny the range of ipes .. from 13-34, and from 40-71.

Anyway thanks for help.

Regards
Maaz
0 Kudos
Reply
Ivan Ferreira
Honored Contributor

тАО10-12-2006 03:02 AM

тАО10-12-2006 03:02 AM

Solution

Re: squid acl - plz help

A best approach will be to use an external file and add to the file all IP addresses that are denied, for example:

acl badip src "/etc/squid/ip.deny"
http_access deny badip

Then specify the denied ip addresses in the ip.deny file, one IP by line.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.