Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 608 — #634
never_direct allow <acl_name>
To prevent Squid from sending requests directly to the Internet, use this command to force a connection to another proxy. That proxy must have previously been entered in cache_peer. If all is specified as the <acl_name>, all requests are forwarded directly to the parent. This might be necessary, for example, if you are using a provider that strictly stipulates the use of its proxies or denies its firewall direct Internet access.

Options for Access Controls
Squid provides a detailed system for controlling the access to the proxy. By implementing ACLs, it can be configured easily and comprehensively. This involves lists with rules that are processed sequentially. ACLs must be defined before they can be used. Some default ACLs, such as all and localhost, already exist. However, the mere definition of an ACL does not mean that it is actually applied. This only happens in conjunction with http_access rules.

acl <acl_name> <type> <data>
An ACL requires at least three specifications to define it. The name <acl_name> can be chosen arbitrarily. For <type>, select from a variety of different options, which can be found in the ACCESS CONTROLS section in the /etc/squid/squid.conf file. The specification for <data> depends on the individual ACL type, for example, host names, IP addresses, or URLs, and can also be read from a file. The following are some simple examples:

    acl mysurfers srcdomain .my-domain.com
    acl teachers src 192.168.1.0/255.255.255.0
    acl students src 192.168.7.0-192.168.9.0/255.255.255.0
    acl lunch time MTWHF 12:00-15:00

http_access allow <acl_name>
http_access defines who is allowed to use the proxy and who can access what on the Internet. For this, ACLs must be given. localhost and all have already been defined above; access for them can be denied or allowed with deny or allow. A list containing any number of http_access entries can be created. The entries are processed from top to bottom, and the first one that matches determines whether access to the respective URL is allowed or denied. The last entry should always be http_access deny all. In the following example, localhost has free access to everything while all other hosts are denied access completely.

    http_access allow localhost
    http_access deny all
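
The first-match evaluation described above, as an added example (not part of the original manual and not Squid's own code). It is a simplified Python model that handles only the src and time ACL types; the definitions given for all and localhost, the http_access rule list, and the client addresses used with it are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's ACLs plus assumed definitions for the default
# ACLs "all" and "localhost", and a hypothetical http_access rule list.
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl teachers src 192.168.1.0/255.255.255.0
acl students src 192.168.7.0-192.168.9.0/255.255.255.0
acl lunch time MTWHF 12:00-15:00
http_access allow localhost
http_access allow teachers
http_access allow students lunch
http_access deny all
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def src_match(data, ip):
    # "addr/mask" or "addr1-addr2/mask": mask the client, then range-compare.
    addrs, _, mask = data.partition("/")
    mask = ip_int(mask or "255.255.255.255")
    lo, _, hi = addrs.partition("-")
    lo = ip_int(lo) & mask
    hi = (ip_int(hi) & mask) if hi else lo
    return lo <= (ip_int(ip) & mask) <= hi

def time_match(data, when):
    # data: "MTWHF 12:00-15:00"; when: (day letter, "HH:MM"), e.g. ("W", "13:30")
    days, _, span = data.partition(" ")
    start, _, end = span.partition("-")
    return when[0] in days and start <= when[1] <= end

def decide(conf, ip, when):
    acls, rules = {}, []
    for fields in map(str.split, conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls[fields[1]] = (fields[2], " ".join(fields[3:]))
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    def hit(name):
        kind, data = acls[name]  # KeyError if an ACL is used but never defined
        if kind == "src":
            return src_match(data, ip)
        if kind == "time":
            return time_match(data, when)
        raise ValueError("ACL type not modelled here: " + kind)
    for action, names in rules:  # processed top to bottom
        if all(hit(n) for n in names):  # ACLs on one line must all match
            return action  # the first matching rule decides
    return None  # no rule matched; a final "deny all" prevents this case
```

Moving http_access deny all to the top of the list makes decide() return "deny" for every client, localhost included, and removing the students rule leaves the lunch ACL defined but without effect.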
608 25.3. Proxy Server: Squid










