Very Important ACL
• It is very important that you allow access to Squid from only
your local users or people that you trust.
• An open proxy will be abused by people that download pornog-
raphy, post hateful messages, and make purchases with frad-
ulent credit cards.
• Those transactions will be traced back to your IP address.
• Your IP address may be listed in an Open Proxy blacklist.
ACLs: The Defaults
• Here are the default Squid ACLs:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
http_access allow localhost
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access deny all
http_reply_access allow all
icp_access allow all
ACLs: Allow Local Clients
• First, de¯ne the acl:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
• Then, allow the access, just before the ¯nal deny rule:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow our_networks
http_access deny all
For any Further Setting Contact US... imrance@gmail.com