- 论坛徽章:
- 0
|
#############ACL###############
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT#acl all_user proxy_auth REQUIRED
#acl auth_user proxy_auth -i "/etc/squid/acl/wwwuser"
acl allowvlan src "/etc/squid/acl/allowvlan"
#acl worktime time MTWHF 8:30-21:00
#acl denyvlan src "/etc/squid/acl/denyvlan"
#acl denydomain dstdomain "/etc/squid/acl/denydomain"
#acl denyweb dst "/etc/squid/acl/denyweb"
#############http_access##########
http_access deny !allowvlan
#http_access deny !Safe_ports
#http_access deny !worktime
#http_access allow auth_user
#http_access deny all_user
#http_access allow manager localhost
#http_access deny denydomain
#http_access deny denyweb
#http_access deny manager
#http_access deny CONNECT !SSL_ports
#http_access allow localhost
#http_reply_access allow all
#icp_access allow all
http_access deny all
真正生效的就这几个,其他都是测试的。为什么“http_access deny !allowvlan”这句不生效呢?在aclallowvlan里写的192.168.40.0/24。
但是当把这句换成“http_access allow allowvlan”就生效。麻烦谁帮忙解释一下!
难道我没吃透这语法? |
|