# ACCESS CONTROLS / Zugriffskontrolle #----------------------------------------------------------------------------- # Defining an Access List # Definieren von Access-Listen = acl # Jede acl bekommt einen Namen = aclname # Dann kommt der Typ der acl = acltype # Zum Abschluss die Parameter = string1 string2 ... # Parameter koennen auch in Datei file stehen # # acl aclname acltype string1 ... # acl aclname acltype "file" ... # # when using "file", the file should contain one item per line # bei der Verwendung von "file" muss die Datei einen Eintrag pro Zeile haben # # acltype is one of src dst srcdomain dstdomain url_pattern urlpath_pattern # time port proto method browser user # acltype ist einer von: # src source, Quelle # dst destination, Ziel # srcdomain sourcedomain, Quelldomain # dstdomain destinationdomain, Zieldomain # url_pattern Suchmuster auf den ganzen URL # urlpath_pattern Suchmuster nur auf den URL-Pfad # time Zeit # port Port # proto Protokoll # method Methode # browser Browser # user User # ################# # src ################# # acl aclname src ip-address/netmask ... (clients IP address) # acl aclname src IP-Adresse/netmask ... (IP-Adressen der Clients) # acl aclname src addr1-addr2/netmask ... (range of addresses) # acl aclname src addr1-addr2/netmask ... (Bereich von IP-Adressen) # ################# # dst ################# # acl aclname dst ip-address/netmask ... (URL host's IP address) # acl aclname dst IP-Adresse/netmask ... (IP-Adresse des Host im URL) # ################# # srcdomain ################# # acl aclname srcdomain foo.com ... (taken from reverse DNS lookup) # acl aclname srcdomain foo.com ... (Quelldomain ueber reverse DNS lookups bestimmt) # ################# # dstdomain ################# # acl aclname dstdomain foo.com ... (taken from the URL) # acl aclname dstdomain foo.com ... (Zieldomain aus dem URL) # ################# # time ################# # acl aclname time [day-abbrevs] [h1:m1-h2:m2] # acl aclname time [Tagkurzform] [h1:m1-h2:m2] # day-abbrevs: [Tagkurzform] # S - Sunday S - Sonntag # M - Monday M - Montag # T - Tuesday T - Dienstag # W - Wednesday W - Mittwoch # H - Thursday H - Donnerstag # F - Friday F - Freitag # A - Saturday A - Samstag # h1:m1 must be less than h2:m2 # h1:m1 muss kleiner sein als h2:m2 # ################# # url_regex ################# # acl aclname url_regex ^http:// ... # regex matching on whole URL # acl aclname url_regex ^http:// ... # Suchmuster auf den ganzen URL # ################# # urlpath_regex ################# # acl aclname urlpath_regex \.gif$ ... # regex matching on URL path only # acl aclname urlpath_regex \.gif$ ... # Suchmuster nur auf den URL-Pfad # ################# # port ################# # acl aclname port 80 70 21 ... # acl aclname port 80 70 21 ... # Portabhaengige Zugriffsliste # ################# # proto ################# # acl aclname proto HTTP FTP ... # acl aclname proto HTTP FTP ... # Protokollabhaengige Zugriffsliste # ################# # method ################# # acl aclname method GET POST ... # acl aclname method GET POST ... # Methodenabhaengige Zugriffsliste # ################# # browser ################# # acl aclname browser regexp # acl aclname browser regexp # Zugriff Browserabhaengig (Suchmuster) # ################# # user ################# # acl aclname user username ... # string match on ident output. # # use REQUIRED to accept any # # non-null ident. # acl aclname user username ... # Zeichenkette die auf ident passt # # benutzt REQUIRED zum Akzeptieren # # User werden mit in Logfiles geschrieben # # funktioniert auch bei ident_lookup off acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl all src 0.0.0.0/0.0.0.0 acl SSL_ports port 443 563 acl CONNECT method CONNECT # Allowing or Denying access based on defined access lists # # Access to the HTTP port: # http_access allow|deny [!]aclname ... # # Access to the ICP port: # icp_access allow|deny [!]aclname ... # Only allow access to the cache manager functions from the local host. http_access deny manager !localhost http_access deny CONNECT !SSL_ports # Allow everything else http_access allow all # Reply to all ICP queries we receive icp_access allow all # TAG: miss_access # Use to force your neighbors to use you as a sibling instead of # a parent. For example: # # acl localclients src 172.16.0.0/16 # miss_access allow localclients # miss_access deny !localclients # # This means that only your local clients are allowed to fetch # MISSES and all other clients can only fetch HITS. # # By default, allow all clients who passed the http_access rules # to fetch MISSES from us. miss_access allow all # TAG: cache_host_acl # Just like 'cache_host_domain' but provides more flexibility by # using ACL's. # # cache_host_acl cache-host [!]aclname ... # # NOTE: * Any number of ACL's may be given for a cache-host, # either on the same or separate lines. # * When multiple ACL's are given for a particular # cache-host, the first matched ACL is applied. # * Cache hosts with no domain or ACL restrictions are # queried for all requests. # * There are no defaults.