[TriLUG] Trouble with Squid
Roy Vestal
rvestal at trilug.org
Sat Aug 22 22:35:47 EDT 2009
Hey all,
I have squid setup and it appears to be caching and blocking as I
wish. However, I have an internal server that I am being denied to. On
top of that, I need to connect to an unregistered port. I know I've
missed something in the acls.
Here is the acl section. Any insight would be greatly appreciated:
<snip>
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#blacklist
acl BAD_DOMAINS dstdom_regex "/etc/squid/bad_domains"
http_access deny BAD_DOMAINS
#internal server
acl server dst 10.0.1.150
http_access allow server
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#internal network
acl our_networks src 10.0.1.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
</snip>
TIA,
-Roy
More information about the TriLUG
mailing list