Date:      Tue, 21 Sep 1999 18:22:25 +0300
From:      "Ertan Kucukoglu" <ertank@hotpop.com>
To:        "Langa Kentane" <evablunted@earthling.net>
Cc:        "FreeBSD" <FreeBSD-questions@FreeBSD.ORG>
Subject:   Re: Squid access list problems
Message-ID:  <002b01bf0445$6621aa00$5f94fcd4@Ertan>
References:  <000001bf042e$bb655410$19a8ef9b@sunnet.co.za>

> I cannot get anything thru squid. My browser gives me an access denied
> response.
>
> I looked at my access control in squid.conf and found the ff lines.  Can you
> please explain what they mean and how I can change them to give me http and
> ftp access to the net.
>
> The squid.conf lines follow:
>
> #Defaults:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> #Default configuration:
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> http_access allow all
>
> #  TAG: icp_access
> #       Reply to all ICP queries we receive
> #
> icp_access allow all
>
> Thanks in advance
>
> Cheers
>

Hello,

Let me give my own squid.conf file and explain it. Please make 
a copy of yours and then try to use the one I give below.

I numbered each line for easy explanation. Please remove those
numbers when you use it. Here it is:

#####
1) http_port 3128

2) cache_mem 24 MB
3) cache_dir /usr/local/squid/cache 250 16 256

4) acl ozler src 128.0.0.1-128.0.0.50/255.255.0.0
5) acl all src 0.0.0.0/0.0.0.0

6) http_access allow ozler
7) http_access deny all
#####

1) Here you give a port number for squid to set itself on. Afterwards, on
your client machines, you must use your FreeBSD IP number and this port
number for your proxy settings. You may give any number between
1-65535, but it is good, so do not change it.

2) Here you tell squid how much RAM it should use.
You can give it as much as you want, but be careful. Your
FreeBSD uses it too. :-)

3) This line is for your disk cache information. Here we tell squid to use
the /usr/local/squid/cache dir for local caching, and that it should use up to
250MB of disk space. The numbers 16 and 256 indicate it should set up
directories under ../cache like this:
../cache/00
../cache/01
...
../cache/0F

and under each of the 16 directories it will create another 256 directories
in the same way.

4) Here I am giving the exact answer. This line indicates an access list.
The name ozler holds the 128.0.0.1-128.0.0.50 IP numbers. All belong to the
255.255.0.0 sub netmask. You may change this line like
acl my_list src 192.168.0.2-192.168.0.15/255.255.255.0

This line says my access list name is "my_list" and it points to IP numbers
192.168.0.2 to 192.168.0.15. All IPs belong to the 255.255.255.0 sub
netmask.

5) This line must be in your squid.conf file. Write it as is. The "all" acl
contains all IP numbers.

6) Here you allow the "ozler" access list to use your squid proxy. If you use
the example I gave above (4) it should be "http_access allow my_list".
Here you give exact authorization.

7) Leave this line as is. It blocks all attempts to use the proxy.

And a tip: authorization and restriction lines follow the given order.
In detail: if you put the lines like below, you are still unable to use your
proxy server.
http_access deny all
http_access allow my_list

Sorry for my English. And I hope I managed to help.

Regards,

Ertan Kucukoglu
ertan@softhome.net
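
The ordering tip above, as an added example that is not part of the original message: a small Python model of how Squid walks http_access lines top to bottom and stops at the first match. The helper names `parse` and `decide` are hypothetical, only `src` ACLs are modelled, and an address range is treated as a plain inclusive first-last range.

```python
import ipaddress

def parse(conf):
    """Parse 'acl NAME src SPEC' and 'http_access ACTION NAME...' lines."""
    acls, rules = {}, []
    for line in conf.strip().splitlines():
        tok = line.split()
        if tok[0] == "acl" and tok[2] == "src":
            if "-" in tok[3]:
                # Simplification (assumption): a range is taken as inclusive
                # first-last; the netmask after "/" is not modelled.
                lo, hi = (ipaddress.ip_address(a)
                          for a in tok[3].split("/")[0].split("-"))
            else:
                net = ipaddress.ip_network(tok[3], strict=False)
                lo, hi = net.network_address, net.broadcast_address
            acls[tok[1]] = (lo, hi)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP; the first matching line wins."""
    acls, rules = parse(conf)   # assumes at least one http_access line
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        # All ACLs named on one http_access line must match (logical AND).
        if all(acls[n][0] <= ip <= acls[n][1] for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed configs built from the lines in the message above.
ACLS = """acl my_list src 192.168.0.2-192.168.0.15/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
"""
CORRECT = ACLS + "http_access allow my_list\nhttp_access deny all"
REVERSED = ACLS + "http_access deny all\nhttp_access allow my_list"
ALLOW_ONLY = ACLS + "http_access allow my_list"

if __name__ == "__main__":
    for name, conf in [("correct", CORRECT), ("reversed", REVERSED),
                       ("allow-only", ALLOW_ONLY)]:
        print(name, {ip: decide(conf, ip)
                     for ip in ("192.168.0.10", "192.168.0.200")})
```

The allow-only case shows why the explicit final "http_access deny all" is worth keeping: without it the outcome for unmatched clients depends on whatever the last line happens to be.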
