Currently we are using Squid-2.4 on our proxy-server.
The ip-range of our LAN is 192.168.0.0/24 and only from a few
workstations FTP-connections are to be allowed to the outside world. Of
course we could implement these restrictions our firewall but as
additional security we would like to add them to our
/etc/squid/squid.conf as well.
Does anyone know how to setup the configuration file to achieve this
purpose?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl Lokaal src 192.168.0.0/255.255.255.0
acl validusers proxy_auth REQUIRED
acl ftp proto ftp
acl ftpusers src 192.168.0.1/255.255.255.255 192.168.0.2/255.255.255.255
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# Access to the ICP port:
# icp_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to allow
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default configuration:
http_access allow manager localhost
http_access deny manager
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access deny !Safe_ports
http_access allow ftp ftpusers
http_access deny ftp
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Lokaal
http_access deny all
Thanks
A.Koster
lidad@zeelandnet.nl
Received on Mon Jan 14 2002 - 13:17:23 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:51 MST