From: Amos Jeffries Date: Mon, 30 Apr 2018 22:14:17 +0000 (+0000) Subject: Documentation for several ACL types (#189) X-Git-Tag: SQUID_4_0_25~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3988ab9b756cb32cf94dd015a791e81a525a66b0;p=thirdparty%2Fsquid.git Documentation for several ACL types (#189) These ACL types have been available for some time but have not yet had a mention in the squid.conf docs. --- diff --git a/src/acl/ConnectionsEncrypted.cc b/src/acl/ConnectionsEncrypted.cc index 71ced0a186..2523f1ceaf 100644 --- a/src/acl/ConnectionsEncrypted.cc +++ b/src/acl/ConnectionsEncrypted.cc @@ -47,7 +47,7 @@ void Acl::ConnectionsEncrypted::parse() { if (ConfigParser::strtokFile()) { - debugs(89, DBG_CRITICAL, "WARNING: connections_encrypted does not accepts any value."); + debugs(89, DBG_CRITICAL, "WARNING: connections_encrypted does not accept any value."); } } diff --git a/src/cf.data.pre b/src/cf.data.pre index 8ee12268ea..58b17b2127 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1046,19 +1046,27 @@ DOC_START acl aclname dst [-n] ip-address/mask ... # URL host's IP address [slow] acl aclname localip ip-address/mask ... # IP address the client connected to [fast] - acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation) +if USE_SQUID_EUI + acl aclname arp mac-address ... + acl aclname eui64 eui64-address ... # [fast] + # MAC (EUI-48) and EUI-64 addresses use xx:xx:xx:xx:xx:xx notation. + # # The 'arp' ACL code is not portable to all operating systems. # It works on Linux, Solaris, Windows, FreeBSD, and some other # BSD variants. # - # NOTE: Squid can only determine the MAC/EUI address for IPv4 + # The eui_lookup directive is required to be 'on' (the default) + # and Squid built with --enable-eui for MAC/EUI addresses to be + # available for this ACL. + # + # Squid can only determine the MAC/EUI address for IPv4 # clients that are on the same subnet. If the client is on a # different subnet, then Squid cannot find out its address. # - # NOTE 2: IPv6 protocol does not contain ARP. MAC/EUI is either + # IPv6 protocol does not contain ARP. MAC/EUI is either # encoded directly in the IPv6 address or not available. - +endif acl aclname clientside_mark mark[/mask] ... # matches CONNMARK of an accepted connection [fast] # @@ -1101,6 +1109,7 @@ DOC_START # cache_peer_access mycache_mydomain.net deny all acl aclname peername myPeer ... + acl aclname peername_regex [-i] regex-pattern ... # [fast] # match against a named cache_peer entry # set unique name= on cache_peer lines for reliable use.