[squid-users] limit access with acl only based on source and destination domain
Blaxton
blaxxton at yahoo.com
Fri May 5 03:47:47 UTC 2017
What is the difference between:
http_access allow From_Source_Domains
http_access allow To_Destination_Domains
And
http_access allow From_Source_Domains To_Destination_Domains
?
From: Amos Jeffries <squid3 at treenet.co.nz>
To: squid-users at lists.squid-cache.org
Sent: Wednesday, May 3, 2017 8:19 AM
Subject: Re: [squid-users] limit access with acl only based on source and destination domain
On 03/05/17 12:40, Blaxton wrote:
> Hi
>
> I am trying to limit the outbound connection based on list of domain
> names defined
> in srcdomain and dstdomain.
>
> Here is acl :
>
> acl From_Source_Domains srcdomain domain1 domain2 domain3
> acl To_Destination_Domains dstdomain domain4 domain5 domain6
>
> Now some web site says below considered OR and it is working for me:
> http_access allow From_Source_Domains
> http_access allow To_Destination_Domains
>
> And some web sites saying below considered AND but it is not working
> for me:
> http_access allow From_Source_Domains To_Destination_Domains
>
> I am assuming since I have not allowed any port, then port should be
> disabled
> but it is not, on OR of the src and dst domains.
No, ports are not part of that line's rule. There is no enable/disable -
they are simply irrelevant when processing that line.
Traffic which gets filtered by that line coming from any client whose IP
address rDNS matches one of the "From_Source_Domains" AND URL contains
one of the "To_Destination_Domains" gets allowed into Squid.
>
> If add
> acl http_port port 80
> http_access allow http_port
>
> Then it allow traffic from any source to any destination if port is 80.
>
> Kind of confusing and need a bit of help.
The "how" is simple:
http_access lines are processed from top to bottom, left to right.
First fully matching line wins and its action (allow or deny) happens.
<wiki.squid-cache.org/SquidFaq/OrderIsImportant>
<http://wiki.squid-cache.org/SquidFaq/SquidAcl#The_Basics:_How_the_parts_fit_together>
<http://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes>
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
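The evaluation order described in the reply above, as an added example that is not part of the original thread and is not Squid's own code: a simplified Python model in which ACL names on one http_access line are ANDed, lines are tried top to bottom, and the first full match wins. The domain values, the sample requests and the closing `http_access deny all` line are constructed assumptions.

```python
# Simplified model of Squid http_access evaluation (illustrative, not Squid source).
ACLS = {  # constructed values standing in for the thread's domain1..domain6
    "From_Source_Domains": ("srcdomain", [".corp.example"]),
    "To_Destination_Domains": ("dstdomain", [".partner.example"]),
}

def domain_match(name, patterns):
    """A leading-dot pattern matches the domain and its subdomains; else exact match."""
    return any(name == p[1:] or name.endswith(p) if p.startswith(".") else name == p
               for p in patterns)

def acl_match(acl, req):
    if acl == "all":
        return True
    kind, values = ACLS[acl]
    # srcdomain tests the client's reverse-DNS name, dstdomain the URL host.
    # The destination port is never consulted: no ACL on these lines mentions it.
    field = {"srcdomain": "client_rdns", "dstdomain": "dst_host"}[kind]
    return domain_match(req[field], values)

def evaluate(rules, req):
    """Return 'allow' or 'deny' for req under a list of http_access lines."""
    action = None
    for line in rules:                       # top to bottom
        _, action, *acls = line.split()
        if all(acl_match(a, req) for a in acls):   # left to right, all must match
            return action                    # first fully matching line wins
    if action is None:
        return "deny"                        # no http_access lines at all
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if action == "allow" else "allow"

OR_FORM = ["http_access allow From_Source_Domains",
           "http_access allow To_Destination_Domains",
           "http_access deny all"]
AND_FORM = ["http_access allow From_Source_Domains To_Destination_Domains",
            "http_access deny all"]

def req(client, host, port=80):
    return {"client_rdns": client, "dst_host": host, "dst_port": port}

if __name__ == "__main__":
    for r in (req("pc1.corp.example", "www.partner.example"),
              req("pc1.corp.example", "www.other.example", 8080),
              req("pc.elsewhere.example", "www.partner.example")):
        print(r, "OR:", evaluate(OR_FORM, r), "AND:", evaluate(AND_FORM, r))
```

With two separate allow lines, a request needs to match only one of the ACLs, so the two-line form admits listed clients to any destination and any client to the listed destinations; the single-line form admits only requests that match both.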