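Squid configuration: I want to block machine 192.168.0.2 from Internet access, but it has no effect

Posted by 邓奕文 on 11-22-2003 09:00:

Moderator, please take a look at this for me, thanks

Below is my squid configuration. I want to block the machine 192.168.0.2 from accessing the Internet, but it has no effect: either nobody can get online or everybody can. I don't know where the problem is, so I am posting it here for everyone to look at. I need this urgently and hope you can all give me some pointers.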

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#
# TAG: acl
# Defining an Access List
#
# acl aclname acltype string1 ...
# acl aclname acltype "file" ...
#
# when using "file", the file should contain one item per line
#
# acltype is one of the types described below
#
# By default, regular expressions are CASE-SENSITIVE. To make
# them case-insensitive, use the -i option.
#
# acl aclname src addr1-addr2/netmask ... (range of addresses)
# acl aclname dst ip-address/netmask ... (URL host's IP address)
# acl aclname myip ip-address/netmask ... (local socket IP address)
# acl aclname srcdomain .foo.com ... # reverse lookup, client IP
# acl aclname dstdomain .foo.com ... # Destination server from URL
# acl aclname srcdom_regex [-i] xxx ... # regex matching client name
# acl aclname dstdom_regex [-i] xxx ... # regex matching server
# # For dstdomain and dstdom_regex a reverse lookup is tried if an IP
# # based URL is used. The name "none" is used if the reverse lookup
# # fails.
# acl aclname time [day-abbrevs] [h1:m1-h2:m2]
# day-abbrevs:
# S - Sunday
# M - Monday
# T - Tuesday
# W - Wednesday
# H - Thursday
# F - Friday
# A - Saturday
# h1:m1 must be less than h2:m2
# acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
# acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path
# acl aclname port 80 70 21 ...
# acl aclname port 0-1024 ... # ranges allowed
# acl aclname myport 3128 ... # (local socket TCP port)
# acl aclname proto HTTP FTP ...
# acl aclname method GET POST ...
# acl aclname browser [-i] regexp ...
# # pattern match on User-Agent header
# acl aclname referer_regex [-i] regexp ...
# # pattern match on Referer header
# # Referer is highly unreliable, so use with care
# acl aclname ident username ...
# acl aclname ident_regex [-i] pattern ...
# # string match on ident output.
# # use REQUIRED to accept any non-null ident.
# acl aclname src_as number ...
# acl aclname dst_as number ...
# # Except for access control, AS numbers can be used for
# # routing of requests to specific caches. Here's an
# # example for routing all requests for AS#1241 and only
# # those to mycache.mydomain.net:
# # acl asexample dst_as 1241
# # cache_peer_access mycache.mydomain.net allow asexample
# # cache_peer_access mycache.mydomain.net deny all
# acl aclname proxy_auth username ...
# acl aclname proxy_auth_regex [-i] pattern ...
# # list of valid usernames
# # use REQUIRED to accept any valid username.
# # NOTE: when a Proxy-Authentication header is sent but it is not
# # needed during ACL checking the username is NOT logged
# # in access.log.
# # NOTE: proxy_auth requires an EXTERNAL authentication program
# # to check username/password combinations (see
# # authenticate_program).
# # WARNING: proxy_auth can't be used in a transparent proxy. It
# # collides with any authentication done by origin servers. It may
# # seem like it works at first, but it doesn't.
# acl aclname snmp_community string ...
# # A community string to limit access to your SNMP Agent
# # Example:
# # acl snmppublic snmp_community public
# acl aclname maxconn number
# # This will be matched when the client's IP address has
# # more than <number> HTTP connections established.
#
# acl aclname max_user_ip [-s] number
# # This will be matched when the user attempts to log in from more
# # than <number> different ip addresses. The authenticate_ip_ttl
# # parameter controls the timeout on the ip entries.
# # If -s is specified then the limit is strict, denying browsing
# # from any further IP addresses until the ttl has expired. Without
# # -s Squid will just annoy the user by "randomly" denying requests.
# # (the counter is then reset each time the limit is reached and a
# # request is denied)
# # NOTE: in acceleration mode or where there is mesh of child proxies,
# # clients may appear to come from multiple addresses if they are
# # going through proxy farms, so a limit of 1 may cause user problems.
#
# acl aclname req_mime_type mime-type1 ...
# # regex match against the mime type of the request generated
# # by the client. Can be used to detect file upload or some
# # types HTTP tunneling requests.
# # NOTE: This does NOT match the reply. You cannot use this
# # to match the returned file type.
#
# acl aclname rep_mime_type mime-type1 ...
# # regex match against the mime type of the reply received by
# # squid. Can be used to detect file download or some
# # types HTTP tunneling requests.
# # NOTE: This has no effect in http_access rules. It only has
# # effect in rules that affect the reply data stream such as
# # http_reply_access.
#
# acl acl_name external class_name [arguments...]
# # external ACL lookup via a helper class defined by the
# # external_acl_type directive.
#
#Examples:
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl my_network src 192.168.0.0/24
acl dyw src 192.168.0.2/24
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have a "deny all" or "
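
Added example (not part of the original post and not Squid's own code): a small Python model of how Squid matches `src` ACLs and evaluates `http_access` lines in order, applied to the `dyw` and `my_network` ACLs as posted. The two `http_access` rule orders, the `/32` variant of `dyw` and the sample client addresses are assumptions, because the post's own `http_access` lines are not shown.

```python
import ipaddress

def src_acl(spec):
    """Model a Squid 'src addr/mask' ACL: address bits outside the mask are ignored."""
    net = ipaddress.ip_network(spec, strict=False)  # 192.168.0.2/24 -> 192.168.0.0/24
    return lambda client: ipaddress.ip_address(client) in net

def http_access(rules, acls, client):
    """First matching http_access line wins. With no match, the default is the
    opposite of the last line, as the http_access notes above describe."""
    for action, name in rules:
        if acls[name](client):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

def blocked(rules, acls, clients):
    return [c for c in clients if http_access(rules, acls, c) == "deny"]

# Constructed sample clients on the poster's LAN.
CLIENTS = ["192.168.0.2", "192.168.0.3", "192.168.0.50"]

posted = {
    "my_network": src_acl("192.168.0.0/24"),
    "dyw": src_acl("192.168.0.2/24"),  # as posted: covers the same hosts as my_network
    "all": src_acl("0.0.0.0/0"),
}
# Assumed variant: a /32 mask limits dyw to the single host.
fixed = dict(posted, dyw=src_acl("192.168.0.2/32"))

# Assumed rule orders (the post's http_access lines are not on the page).
DENY_FIRST = [("deny", "dyw"), ("allow", "my_network"), ("deny", "all")]
ALLOW_FIRST = [("allow", "my_network"), ("deny", "dyw"), ("deny", "all")]

def report():
    return {
        "posted, deny first": blocked(DENY_FIRST, posted, CLIENTS),
        "posted, allow first": blocked(ALLOW_FIRST, posted, CLIENTS),
        "fixed, deny first": blocked(DENY_FIRST, fixed, CLIENTS),
        "fixed, allow first": blocked(ALLOW_FIRST, fixed, CLIENTS),
    }

if __name__ == "__main__":
    for case, denied in report().items():
        print(f"{case:20} blocked: {denied}")
```

With the ACL as posted, the model blocks every client or none depending on rule order; only the `/32` ACL with its deny line placed before the allow line blocks 192.168.0.2 alone.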