[squid-users] Access regulation with multiple outgoing IPs
rudi
rudis.gameshop at gmail.com
Sun Oct 25 15:28:05 UTC 2015
Hey Amos,
thank you very much for your very helpful information. Now i have an access
control an SSL is fixed too but i had to add port 80 as SSL port to use the
proxies as https proxy in proxifier.
One more question. Now i can use the proxies from
193.xxx.xxx.x1/255.255.255.xxx. But if i want to use the proxies from a
virtual machine i can not get access to them. I tried different Ips. Do you
know what IPs or information i have to add to the acl on top to get the VMs
working? Thank you so much!
This is my file with working access regulation and SSL fix:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl localnet src 193.xxx.xxx.x1/255.255.255.xxx
acl SSL_ports port 443
acl SSL_ports port 80
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_port 178.xxx.xxx.x3:3129 name=3129
acl vm3129 myportname 3129
tcp_outgoing_address 178.xxx.xxx.x3 vm3129
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
#http_port 3128
Best regards
Manuel
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Access-regulation-with-multiple-outgoing-IPs-tp4673900p4673906.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list