Thanks Amos and Klaus for your response.
On Wednesday, 24 February, 2021, 05:03:57 pm IST, Amos Jeffries <squ...@treenet.co.nz> wrote:

On 24/02/21 10:14 pm, Klaus Brandl wrote:
> The acl for the url must be of type url_regex, or something else:
>
> acl allowedurl url_regex "url.txt"
>

This line tells Squid to load a file full of regex patterns. Nothing more.

The http_access line is the list of rules that determines when those
loaded values are tested against a URL, and what happens when the URL
matches (or not) any of the patterns.

>
> On Tuesday, 23.02.2021 at 18:09 +0000, Arjun K wrote:
>> Hi Team
>>
>> Could you please let me know how to define an acl so that a specific
>> set of IPs can access alone a specific set of URLs.

Have you read the docs on how Squid does access control?
<https://wiki.squid-cache.org/SquidFaq/SquidAcl#The_Basics:_How_the_parts_fit_together>

The example config you showed indicates a lack of understanding the
syntax. That understanding is key to these things actually working the
way you want.

Let's look at your stated requirements:

> define an acl

  acl okay_urls url_regex "/etc/squid/url.txt"

> a specific set of IPs can access alone a specific set of URLs.

That sentence is an access policy. It has three parts:

1) "set of IPs"

I have assumed from the "can access" words that you mean client IPs.
Which in networking are the TCP src-IP value.

So ...
  acl set_of_IPs src 192.0.2.1 192.0.2.45 192.0.2.156

2) "set of URLs"

So ...
  acl set_of_urls url_regex "/etc/squid/url.txt"

3) "can access alone"

I assume that means you want these IPs to access the URLs. But no others
to be able to access those same URLs.

So ...
  # permit set_of_ips
  http_access allow set_of_ips set_of_urls
  http_access deny set_of_urls

> Also, I have an existing configuration which should not get affected
> and it should not interfere in the rules which were allowed for the
> servers previously.

The most important word there is "previously".

This is where *you* understanding how Squid access controls fit together
matters *a lot*.

The first http_access line that matches entirely will _end_ processing
of the 'http_access' sequence. The action (allow/deny) specified on that
matched line will be done.

So where you place the above http_access lines determines which
transactions will be able to reach and be tested by them.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
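Added example (not part of the original thread and not Squid's own code): a small Python model of first-match http_access evaluation, showing how placing the allow/deny pair from the reply before or after an existing rule set changes the verdict. The "localnet" ACL, the existing "allow localnet / deny all" rules and the URL pattern standing in for /etc/squid/url.txt are constructed assumptions.

```python
import ipaddress
import re

# Constructed ACL table. set_of_ips / set_of_urls follow the reply above;
# "localnet" and the regex standing in for /etc/squid/url.txt are assumptions.
ACLS = {
    "set_of_ips": ("src", ["192.0.2.1", "192.0.2.45", "192.0.2.156"]),
    "set_of_urls": ("url_regex", [r"^https?://intranet\.example\.com/"]),
    "localnet": ("src", ["192.0.2.0/24"]),
    "all": ("src", ["0.0.0.0/0", "::/0"]),
}

# The pair of lines from the reply, and a hypothetical pre-existing rule set.
RESTRICT = [("allow", ["set_of_ips", "set_of_urls"]), ("deny", ["set_of_urls"])]
EXISTING = [("allow", ["localnet"]), ("deny", ["all"])]


def acl_matches(name, client_ip, url):
    """True if the named ACL matches this transaction."""
    kind, values = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "url_regex":
        return any(re.search(p, url) for p in values)
    raise ValueError(f"unsupported ACL type: {kind}")


def http_access(rules, client_ip, url):
    """Return (action, line number) of the first line whose ACLs all match."""
    for lineno, (action, names) in enumerate(rules, start=1):
        if all(acl_matches(n, client_ip, url) for n in names):
            return action, lineno
    # No line matched: the default is the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


def compare_orderings(client_ip, url):
    """Verdicts with the new pair placed after vs. before the existing rules."""
    return {
        "pair_after_existing": http_access(EXISTING + RESTRICT, client_ip, url),
        "pair_before_existing": http_access(RESTRICT + EXISTING, client_ip, url),
    }


if __name__ == "__main__":
    # 192.0.2.77 is in localnet but not in set_of_ips.
    print(compare_orderings("192.0.2.77", "http://intranet.example.com/admin"))
```

With the pair placed after "allow localnet", a client outside set_of_ips still reaches the restricted URL, because line 1 ends processing before the deny is tested.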