|
||||||||||||||||||||||||||||||||||||||||||||||||||
Menu
Distributions (131)
Software (10844)
|
Squid - part IIIn the previous part we went through acl classes, now let's continue with acl
operators.
Acl operatorsYou have already seen the http_access allow|deny [!]aclname1 [[!]aclname2 ... ] (The syntax is the same for all operators, not only for
acl myNet src 192.168.0.0/255.255.0.0 acl all src 0.0.0.0/0.0.0.0 http_access deny all !myNet # http_access deny all If the IP is in myNet, the result is The other acl operators are No_cacheThis operator is used not to store the selected pages in the cache. In the default configuration there are lines that match the results of cgi programs and eject them from the cache (by default it is commented, so you have to uncomment them). acl QUERY urlpath_regex cgi-bin \\? no_cache deny QUERY Broken_postsSome servers do not comply with the HTTP specification. To communicate with
these servers (which should be identified by the acl broken_server url_regex http://broken-server-list.com broken_posts allow broken_server Delay classesDelay classes are used to control the bandwidth. It is done by so-called delay pools. Downloads are classified into segments and binded to certain amounts of bandwidth. There are three types of delay classes.
ACL examples and FAQAt the end there are some examples and common problems. Logic mistakes
The access controls cannot be combined with the
For example the acl configuration like this cannot work properly acl ME src 192.168.1.1 acl YOU src 192.168.1.2 http_access allow ME YOU In this example the http_access operator will grant the access only if both ME acl and YOU acl match the request and that is not the behaviour we want. The working example can be written like this acl ME src 192.168.1.1 acl YOU src 192.168.1.2 http_access allow ME http_access allow YOU Or in the easier way. acl US 192.168.1.1 192.168.1.2 http_access allow US The acl debuggingIf you really can't determine where the problem is, you should turn the debugging on. It is done by the command debug_options. To start the acl debugging add this line to your squid.conf. debug_options ALL,1 33,2 This enables debugging for section 33 at level 2. Your cache.log now should contain a line for every request, where there is if it was allowed or denied, etc. Customisation of the error messagesIn some situations you need to customise some error messages. You can also create some new error messages. The error messages are kept in the directory /usr/local/squid/etc/errors by
default, but e. g. in Debian they are in /usr/lib/squid/errors/language. The
location of this directory is set by the <p> The URL %U cannot be retrieved, because of it's pornographic content. If you feel you have received this message in error, please contact our support centre. </p> Then put to squid.conf this entry. acl porn url_regex "/usr/local/squid/etc/porn.txt" deny_info ERR_PORN porn http_access deny porn
Now when a user is trying to retrieve an URL matching regular expression in
/usr/local/squid/etc/porn.txt, this error message is shown. The tag
|
Search Software
Search Google
|
||||||||||||||||||||||||||||||||||||||||||||||||
©Pavel Kysilka - 2003-2024 | maillinuxsoft.cz | Design: www.megadesign.cz |