I'm in the process of upgrading my main box to SuSE 7.1 (yes, thank you, I
know 7.2 is out now) and it's hurting my head in numerous ways. The latest
is Squid. I've installed Squid 2.3 and have it pointing to my existing squid
cache directory. I have a squid configuration file with acls defined like
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl localnet src 192.168.1.0/255.255.255.0
    acl SSL_ports port 443 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
and http_access rules like
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    #
    http_access allow localnet
    http_access deny all
yet it didn't allow access to the box it's running on. I fixed this by
adding in a line with
    http_access allow localhost
but why doesn't the line
    http_access allow manager localhost
allow this? Does that line mean
    allow access for protocol cache_object from source localhost
or does it mean
    allow access for protocol cache_object, source localhost
I seem to have very little squid documentation, and the sample configuration
file says
    http_access allow|deny [!]aclname ...
but there's no indication as to what the ellipsis means here - does it mean
that access will be allowed/denied to a list of acls, or only to traffic
matching all the acls specified? Does ... mean union or intersection in this
case? I'd normally take it to mean union, but in this case it seems to mean
intersection.
Regards,
Niall
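
Added example, not part of the original post and not Squid's own code: a small Python model of how Squid evaluates the http_access lines quoted above. Every acl name on one line must match (AND), and the first matching line decides. The sample requests are constructed, and placing the extra "allow localhost" line just before "deny all" is an assumption.

```python
import ipaddress

def in_net(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda r: ipaddress.ip_address(r["src"]) in net

SAFE = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}
# The acl definitions from the post; several values on one acl are alternatives (OR).
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": in_net("127.0.0.1/32"),
    "localnet": in_net("192.168.1.0/24"),
    "SSL_ports": lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in SAFE or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}
POSTED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""
# Assumption: the post does not say where the extra line went; here it precedes "deny all".
FIXED = POSTED.replace("http_access deny all", "http_access allow localhost\nhttp_access deny all")

def parse(text):
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(f[1], f[2:]) for f in rows if len(f) >= 3 and f[0] == "http_access"]

def decide(req, text):
    """First matching line wins; a line matches only if every acl on it matches (AND)."""
    for action, names in parse(text):
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    raise LookupError("no rule matched")  # unreachable here: "all" matches everything

# Constructed sample requests.
BROWSE_LOCAL = {"src": "127.0.0.1", "proto": "http", "method": "GET", "port": 80}
MGR_LOCAL = {"src": "127.0.0.1", "proto": "cache_object", "method": "GET", "port": 3128}
MGR_LAN = {"src": "192.168.1.10", "proto": "cache_object", "method": "GET", "port": 3128}
BROWSE_LAN = {"src": "192.168.1.10", "proto": "http", "method": "GET", "port": 80}

if __name__ == "__main__":
    for name, req in [("local http", BROWSE_LOCAL), ("local mgr", MGR_LOCAL),
                      ("lan mgr", MGR_LAN), ("lan http", BROWSE_LAN)]:
        print(f"{name:10} posted={decide(req, POSTED)} fixed={decide(req, FIXED)}")
```

With the posted rules, an ordinary HTTP request from 127.0.0.1 skips "allow manager localhost" because it is not a cache_object request, and falls through to "deny all".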