Differences

This shows you the differences between two versions of the page.

--- squid:acls [2020/04/07 10:32] – [Using the ACLs - http_access] peter
+++ squid:acls [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 88: / Line 88: @@
 <code>
-http_access allow accesses_from_admins
+http_access allow access_from_admins
-http_access deny accesses_to_porn_urls
+http_access deny access_to_porn_urls
-http_access allow accesses_during_lunchtime
+http_access allow access_during_lunchtime
 http_access deny all
 </code>
-This would allow accessing from the admins (whatever that ACL looks like – probably a src ACL pointing to the subnet where the admin workstations are in).
+  * This would allow accessing from the admins (whatever that ACL looks like – probably a src ACL pointing to the subnet where the admin workstations are in).
+  * For everyone else it will deny accesses to porn URLs.
+  * Then it would allow accesses from everyone to every web site during lunch time.
+  * And finally all other accesses would be denied.
-For everyone else it will deny accesses to porn URLs.
+Example 2:
+<code>
+acl localhost src 127.0.0.1/32 ::1
+acl all src 0.0.0.0/0.0.0.0
+http_access allow localhost
+http_access deny all
+</code>
+  * localhost has free access to everything while all other hosts are denied access completely.
+Example 3:
+<code>
+acl localhost src 127.0.0.1/32 ::1
+acl all src 0.0.0.0/0.0.0.0
+acl teachers src 192.168.10.0/255.255.255.0
+acl students src 192.168.20.0-192.168.30.0/255.255.255.0
+acl lunch time MTWHF 12:00-13:00
+http_access deny localhost
+http_access allow teachers
+http_access allow students lunch time
+http_access deny all
+</code>
+  * The group teachers always has access to the Internet.
+  * The group students only has access between Monday and Friday during lunch time.
-Then it would allow accesses from everyone to every web site during lunch time.
-And finally all other accesses would be denied.
+<WRAP tip>
+**TIP**:  For readability, within the configuration file /etc/squid/squid.conf, specify all **http_access** options as a block.
+</WRAP>
 ----
@@ Line 130: / Line 164: @@
 ===== Custom error pages (deny_info) =====
-By default when you deny access the user gets the error page that is stored in the ERR_ACCESS_DENIED file.
+By default when you deny access the user gets the error page that is stored in the **ERR_ACCESS_DENIED** file.
-But luckily you can define your own custom error pages and display them when you deny certain accesses. A simple example:
+But you can define your own custom error pages and display them when you deny certain access.  A simple example:
 <code>
@@ Line 151: / Line 185: @@
 </code>
-This will deny access only for the user from the IP address 10.0.5.16 when www.google.com is accessed.
+  * This will deny access only for the user from the IP address 10.0.5.16 when www.google.com is accessed.
+    * As you can see the ACLs admin and google are combined.  In such a combination the last ACL in the line is taken into account for lookups of **deny_info**.
-As you can see the ACLs admin and google are combined.  In such a combination the last ACL in the line is taken into account for lookups of **deny_info**.
+    * So it’s important that you define a **deny_info** for the google ACL.
-So it’s important that you define a **deny_info** for the google ACL.
 ----