LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-29-2010, 01:00 AM   #1
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Rep: Reputation: 1
squid acl


hi

i have 2.6.STABLE6 installed on centos5.3, i make acl for ip range
like acl foo src 192.16.1.10-192.16.1.15 and make http_access to this acl foo but i want some ip like 192.16.1.13 to be exclude from this acl foo it is possible if yes then how can i do
 
Old 12-29-2010, 01:10 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Yes you can exclude the IP if you want. You can create another acl with the concerned IP as source and put it http_access area separately.
Like
Code:
acl foo src 192.168.1.10-192.168.1.15
acl bar src 192.168.1.13
.
.
.
.
http_access allow bar
http_access deny foo
This will allow access to 192.168.1.13 but deny to all others in the other acl
 
Old 12-29-2010, 02:03 AM   #3
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
thanks for quick reply

Amar
 
Old 12-29-2010, 02:14 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
You are welcome but does this solve your problem? Is this the solution you were looking for? If it indeed does, then mark the thread as solved from the thread tools.
 
Old 12-30-2010, 12:47 AM   #5
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi
sorry i tried but it not working as i apply acl to 192.168.1.10-192.168.1.15 ip range
and exculed 192.168.1.13 but the acl applied for above ip range is only applied for 192.16.1.13
 
Old 12-30-2010, 12:48 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Post your configuration then. You must be doing something wrong.
 
Old 12-30-2010, 01:19 AM   #7
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi

acl gmail dstdomain .gmail.com
acl gmail dstdomain .gmail.google.com
acl gmail dstdomain .mail.google.com
acl gmail dstdomain .login.yahoo.com
acl gmail dstdomain .messenger.yahoo.com
acl gmail dstdomain .mail.rediff.com
acl bar src 192.16.1.10-172.16.1.15/32
acl sudhir src 192.16.1.13/32


http_access deny gmail bar
http_access deny download bar
http_access allow bar
http_access deny gmail sudhir
http_access allow download sudhir
http_access allow sudhir


here i want to deny for sudhir gmail and allow download and rest ip in range in bar acl have deny gmail,download

acl download contain various sites like yahoo,indiatimes etc
 
Old 12-30-2010, 02:25 AM   #8
raviteja_s
Member
 
Registered: Jun 2010
Location: India
Distribution: Redhat
Posts: 68

Rep: Reputation: 1
acl bar src 192.16.1.10-172.16.1.15/32 ( 192.16.1.15/32)
acl sudhir src 192.16.1.13/32
 
Old 12-30-2010, 02:55 AM   #9
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi


sorry it is wrongly typed by me in forum but is correct in squid.conf making correction here and pls reply what to do-

acl gmail dstdomain .gmail.com
acl gmail dstdomain .gmail.google.com
acl gmail dstdomain .mail.google.com
acl gmail dstdomain .login.yahoo.com
acl gmail dstdomain .messenger.yahoo.com
acl gmail dstdomain .mail.rediff.com
acl bar src 192.16.1.10-192.16.1.15/32
acl sudhir src 192.16.1.13/32


http_access deny gmail bar
http_access deny download bar
http_access allow bar
http_access deny gmail sudhir
http_access allow download sudhir
http_access allow sudhir


here i want to deny for sudhir gmail and allow download and rest ip in range in bar acl have deny gmail,download

acl download contain various sites like yahoo,indiatimes etc
 
Old 12-30-2010, 03:13 AM   #10
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I am not sure about your access control lists. They are too confusing. You need clear idea on what you are doing and where you put the domains. If you put same domain in multiple lists, the top access control will match first and work and anything down the line will be ignored. What you want to do is clearly possible. Your access control lists need to be more clear.
 
Old 12-30-2010, 03:50 AM   #11
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi
the acl gmail is used to block ,gmail,mail.rediffmail.com etc mention in acl below

acl gmail dstdomain .gmail.com
acl gmail dstdomain .gmail.google.com
acl gmail dstdomain .mail.google.com
acl gmail dstdomain .login.yahoo.com
acl gmail dstdomain .messenger.yahoo.com
acl gmail dstdomain .mail.rediff.com


the acl download is used to block ,indiatimes.com,hotmail etc

acl download url_regex -i "/etc/squid/download"

iwant to block ips 10,11,12,14,15 for acl gmail and download but want 13 to allow download acl and do not allow gmail acl

acl bar src 192.16.1.10-192.16.1.15/32
acl sudhir src 192.16.1.13/32


http_access deny gmail bar
http_access deny download bar
http_access allow bar
http_access deny gmail sudhir
http_access allow download sudhir
http_access allow sudhir
 
Old 12-30-2010, 07:24 AM   #12
amartlk
Member
 
Registered: Sep 2010
Location: Nagpur India
Posts: 347

Original Poster
Rep: Reputation: 1
hi]


reply please its urgent
 
Old 12-30-2010, 07:25 AM   #13
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,527

Rep: Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898Reputation: 898
Quote:
Originally Posted by amartlk View Post
hi]
reply please its urgent
Then please look for a payed support.

Kind regards
 
Old 12-31-2010, 12:56 AM   #14
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Unless you say what is exactly there in the download file and what is not working correctly, it would be difficult to help. What control lists are not working and what are working?
 
Old 12-31-2010, 12:57 AM   #15
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
And yes, there is nothing urgent here. All are volunteers here.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid ACL uwa45 Linux - Networking 1 06-11-2010 01:30 PM
squid ACL andycol Linux - Server 8 10-31-2009 06:58 AM
squid acl Winanjaya Linux - Server 1 04-23-2009 12:03 PM
Squid acl help cgelectek Linux - Networking 3 11-11-2005 12:04 AM
Squid ACL dfctve_end_user Linux - Networking 2 01-13-2003 10:30 AM


All times are GMT -5. The time now is 01:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration