X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=config%2Fcfgroot%2Fproxy-acl;h=038f64d8f7b21b42a92f17b35fad19113101c026;hp=ca1ccdfb2b5f58345d35cd97b277f1e9001113cf;hb=35f994e98e3e00b252255ad8057aeabe277caf83;hpb=90c6be89dca1877978fceb487a3c09e295658297
diff --git a/config/cfgroot/proxy-acl b/config/cfgroot/proxy-acl
index ca1ccdfb2b..038f64d8f7 100644
--- a/config/cfgroot/proxy-acl
+++ b/config/cfgroot/proxy-acl
@@ -1,49 +1,49 @@
-# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
-# you make will be overwritten whenever you resave proxy settings using the
-# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
-# restart squid using the web interface. Changes made to the 'acl' file
-# will propagate to the 'squid.conf' file at that time.
-# [Scott Tregear, 22 Feb 2005]
-
-# Uncomment the following line to enable logging of User-Agent header:
-#useragent_log /var/log/squid/user_agent.log
-
-# Uncomment the following line to enable logging of Referer header:
-#referer_log /var/log/squid/referer.log
-
-acl all src 0.0.0.0/0.0.0.0
-acl localhost src 127.0.0.1/255.255.255.255
-acl SSL_ports port 443 563
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 563 # https, snews
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
-
-acl IPCop_http port 81
-acl IPCop_https port 445
-acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
-acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
-acl CONNECT method CONNECT
-
-##Access to squid:
-#local machine, no restriction
-http_access allow localhost
-
-#GUI admin if local machine connects
-http_access allow IPCop_ips IPCop_networks IPCop_http
-http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
-
-#Deny not web services
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-
-#Finally allow IPCop_networks clients
-http_access allow IPCop_networks
-http_access deny all
+# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
+# you make will be overwritten whenever you resave proxy settings using the
+# web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then
+# restart squid using the web interface. Changes made to the 'acl' file
+# will propagate to the 'squid.conf' file at that time.
+# [Scott Tregear, 22 Feb 2005]
+
+# Uncomment the following line to enable logging of User-Agent header:
+#useragent_log /var/log/squid/user_agent.log
+
+# Uncomment the following line to enable logging of Referer header:
+#referer_log /var/log/squid/referer.log
+
+acl all src 0.0.0.0/0.0.0.0
+acl localhost src 127.0.0.1/255.255.255.255
+acl SSL_ports port 443 563
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 563 # https, snews
+acl Safe_ports port 70 # gopher
+acl Safe_ports port 210 # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280 # http-mgmt
+acl Safe_ports port 488 # gss-http
+acl Safe_ports port 591 # filemaker
+acl Safe_ports port 777 # multiling http
+acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)
+
+acl IPCop_http port 81
+acl IPCop_https port 444
+acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
+acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
+acl CONNECT method CONNECT
+
+##Access to squid:
+#local machine, no restriction
+http_access allow localhost
+
+#GUI admin if local machine connects
+http_access allow IPCop_ips IPCop_networks IPCop_http
+http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
+
+#Deny not web services
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+
+#Finally allow IPCop_networks clients
+http_access allow IPCop_networks
+http_access deny all
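Review bot: The GUI HTTPS port on the `acl IPCop_https port 444` line is a bare literal, while the proxy port and the GREEN/BLUE addresses in the same file are template placeholders. Because `http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https` is evaluated before `http_access deny CONNECT !SSL_ports` and 444 is not in `SSL_ports`, this value decides which port on the firewall's own addresses clients may tunnel to; if it drifts from the port the web interface actually listens on, the GUI is refused through the proxy while CONNECT to whatever else uses 444 stays allowed. I would add a comment on that line, e.g. `acl IPCop_https port 444 # must match the web GUI's HTTPS listen port`, and document `acl IPCop_http port 81` the same way. The hunk replaces all 49 lines although this is the only visible textual difference, presumably a whitespace or line-ending normalisation, and that deserves a line in the commit message so the port change is not overlooked.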