[people/pmueller/ipfire-2.x.git] / config / cfgroot / proxy-acl

# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes\r
# you make will be overwritten whenever you resave proxy settings using the\r
# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then\r
# restart squid using the web interface. Changes made to the 'acl' file\r
# will propagate to the 'squid.conf' file at that time.\r
# [Scott Tregear, 22 Feb 2005]\r
\r
# Uncomment the following line to enable logging of User-Agent header:\r
#useragent_log      /var/log/squid/user_agent.log\r
\r
# Uncomment the following line to enable logging of Referer header:\r
#referer_log        /var/log/squid/referer.log\r
\r
acl all src 0.0.0.0/0.0.0.0\r
acl localhost src 127.0.0.1/255.255.255.255\r
acl SSL_ports port 443 563 \r
acl Safe_ports port 80 # http \r
acl Safe_ports port 21 # ftp \r
acl Safe_ports port 443 563 # https, snews \r
acl Safe_ports port 70 # gopher \r
acl Safe_ports port 210 # wais \r
acl Safe_ports port 1025-65535 # unregistered ports \r
acl Safe_ports port 280 # http-mgmt \r
acl Safe_ports port 488 # gss-http \r
acl Safe_ports port 591 # filemaker \r
acl Safe_ports port 777 # multiling http \r
acl Safe_ports port __PROXY_PORT__ # Squid port (for icons) \r
\r
acl IPCop_http  port 81\r
acl IPCop_https port 444\r
acl IPCop_ips  dst __GREEN_IP__ __BLUE_IP__\r
acl IPCop_networks src __GREEN_NET__ __BLUE_NET__\r
acl CONNECT method CONNECT \r
\r
##Access to squid:\r
#local machine, no restriction\r
http_access allow         localhost\r
\r
#GUI admin if local machine connects\r
http_access allow         IPCop_ips IPCop_networks IPCop_http\r
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https\r
\r
#Deny not web services\r
http_access deny          !Safe_ports\r
http_access deny  CONNECT !SSL_ports\r
\r
#Finally allow IPCop_networks clients\r
http_access allow         IPCop_networks\r
http_access deny          all\r
Commit	Line	Data
35f994e9 MT	1	# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes\r
	2	# you make will be overwritten whenever you resave proxy settings using the\r
	3	# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then\r
	4	# restart squid using the web interface. Changes made to the 'acl' file\r
	5	# will propagate to the 'squid.conf' file at that time.\r
	6	# [Scott Tregear, 22 Feb 2005]\r
	7	\r
	8	# Uncomment the following line to enable logging of User-Agent header:\r
	9	#useragent_log /var/log/squid/user_agent.log\r
	10	\r
	11	# Uncomment the following line to enable logging of Referer header:\r
	12	#referer_log /var/log/squid/referer.log\r
	13	\r
	14	acl all src 0.0.0.0/0.0.0.0\r
	15	acl localhost src 127.0.0.1/255.255.255.255\r
	16	acl SSL_ports port 443 563 \r
	17	acl Safe_ports port 80 # http \r
	18	acl Safe_ports port 21 # ftp \r
	19	acl Safe_ports port 443 563 # https, snews \r
	20	acl Safe_ports port 70 # gopher \r
	21	acl Safe_ports port 210 # wais \r
	22	acl Safe_ports port 1025-65535 # unregistered ports \r
	23	acl Safe_ports port 280 # http-mgmt \r
	24	acl Safe_ports port 488 # gss-http \r
	25	acl Safe_ports port 591 # filemaker \r
	26	acl Safe_ports port 777 # multiling http \r
	27	acl Safe_ports port __PROXY_PORT__ # Squid port (for icons) \r
	28	\r
	29	acl IPCop_http port 81\r
	30	acl IPCop_https port 444\r
	31	acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__\r
	32	acl IPCop_networks src __GREEN_NET__ __BLUE_NET__\r
	33	acl CONNECT method CONNECT \r
	34	\r
	35	##Access to squid:\r
	36	#local machine, no restriction\r
	37	http_access allow localhost\r
	38	\r
	39	#GUI admin if local machine connects\r
	40	http_access allow IPCop_ips IPCop_networks IPCop_http\r
	41	http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https\r
	42	\r
	43	#Deny not web services\r
	44	http_access deny !Safe_ports\r
	45	http_access deny CONNECT !SSL_ports\r
	46	\r
	47	#Finally allow IPCop_networks clients\r
	48	http_access allow IPCop_networks\r
	49	http_access deny all\r