[squid-users] ACLs allow/deny logic
Vieri
rentorbuy at yahoo.com
Mon Jun 26 13:01:23 UTC 2017
________________________________
From: Amos Jeffries <squid3 at treenet.co.nz>
>> I'd like to allow by default and deny only according to the ACLs I define.
>>
>> Here's an example with Telegram. I'd like to deny all application/octet-stream mime types in requests
>> and replies except for a set of IP addresses or domains.
>
> Er, deny is the opposite of allow. So your "example" is to demonstrate
> the _opposite_ of what you want?
>
> Not to mention that what you want is the opposite of a well-known
> Security Best-Practice. Well, your call, but when things go terribly
> wrong don't say you weren't warned.
My sentence was misleading, I suppose.
My squid.conf has the following structure (which I believe is close to the default for a caching http proxy):
ACL definitions
http_access deny ...
http_reply_access deny ...
http_access deny intercepted !localnet
http_access allow localnet
http_access deny all
Is there anything wrong with this?
Vieri