Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual page 443

acl <acl_name> <type> <data>
An ACL requires at least three specifications to define it. The name <acl_name>
can be chosen arbitrarily. For <type>, select from a variety of different options,
which can be found in the ACCESS CONTROLS section in the /etc/squid/
squid.conf file. The specification for <data> depends on the individual ACL
type and can also be read from a file, for example, via hostnames, IP addresses, or
URLs. The following are some simple examples:
acl mysurfers srcdomain .my-domain.com
acl teachers src 192.168.1.0/255.255.255.0
acl students src 192.168.7.0-192.168.9.0/255.255.255.0
acl lunch time MTWHF 12:00-15:00
http_access allow <acl_name>
http_access defines who is allowed to use the proxy and who can access what on
the Internet. For this, ACLs must be given. localhost and all have already been
defined above, which can deny or allow access via deny or allow. A list containing
any number of http_access entries can be created, processed from top to bottom,
and, depending on which occurs first, access is allowed or denied to the respective
URL. The last entry should always be http_access deny all. In the following exam-
ple, the localhost has free access to everything while all other hosts are denied access
completely.
http_access allow localhost
http_access deny all
In another example using these rules, the group teachers always has access to
the Internet. The group students only gets access Monday to Friday during
lunch time.
http_access deny localhost
http_access allow teachers
http_access allow students lunch time
http_access deny all
The list with the http_access entries should only be entered, for the sake of read-
ability, at the designated position in the /etc/squid/squid.conf file. That
is, between the text
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
The Proxy Server Squid 429