Squid: The Definitive Guide - Duane Wessels [194]
Syntax
http_access allow|deny [!]ACLname ...
Default
http_access deny all
Example
http_access allow MyClients
Related
acl, http_reply_access, miss_access, icp_access
Name
http_reply_access
Synopsis
The http_reply_access rules are similar to http_access, except that they are checked after Squid receives the HTTP response headers for a cache miss. You might want to use this access list to deny requests based on some characteristic of the response, such as the content type.
Syntax
http_reply_access allow|deny [!]ACLname ...
Default
http_reply_access allow all
Example
http_reply_access deny MP3Files
Related
acl, http_access
Name
icp_access
Synopsis
This access list applies to ICP queries. If a particular ICP query is denied by the icp_access rules, Squid returns an ICP_DENIED message to the neighbor.
Syntax
icp_access allow|deny [!]ACLname ...
Default
icp_access deny all
Example
icp_access allow Neighbor1
Related
acl, http_access
Name
miss_access
Synopsis
The miss_access rules are similar to http_access. However, they are applied to cache misses only. This allows you to enforce sibling relationships with your neighbor caches. See Section 6.3.7.
Syntax
miss_access allow|deny [!]ACLname ...
Default
miss_access allow all
Example
miss_access deny MySiblings
Related
acl, http_access
Name
cache_peer_access
Synopsis
The cache_peer_access rules determine which requests Squid will forward to a particular neighbor. If a particular request is denied by a cache_peer_access list, Squid doesn't forward the request to that neighbor. See Section 10.4.1.
Syntax
cache_peer_access peername allow|deny [!]ACLname ...
Default
No default
Example
cache_peer_access neighbor.host.name allow SomeOriginDomains
Related
acl, cache_peer, cache_peer_domain, http_access
Name
ident_lookup_access
Synopsis
The ident_lookup_access rules determine whether or not Squid performs an RFC 1413 username lookup for a client's TCP connection. These rules are checked before Squid reads any part of the HTTP request. Thus, only TCP/IP-based ACL elements (e.g., client address, port number) should be used in these rules.
Syntax
ident_lookup_access allow|deny [!]ACLname ...
Default
ident_lookup_access deny all
Example
ident_lookup_access allow TheseClients
Related
acl, ident_timeout
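The restriction on ident_lookup_access described above can be checked mechanically before a configuration is deployed. The following Python linter is an added example, not code from the book or from Squid; the set of ACL types treated as usable before the HTTP request is read, the built-in "all" ACL, and the sample configuration are assumptions constructed for illustration.

```python
# Assumption: ACL types Squid can evaluate from the TCP connection alone
# (client address, local address, local port). Adjust for your Squid version.
TCP_LEVEL_TYPES = {"src", "arp", "myip", "myport", "localip", "localport"}
BUILTIN_ACLS = {"all": "src"}  # assumption: "all" matches any client address

def parse_acl_types(conf_text):
    """Map each ACL name to its declared type (first declaration wins)."""
    types = dict(BUILTIN_ACLS)
    for line in conf_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "acl":
            types.setdefault(fields[1], fields[2])
    return types

def check_ident_rules(conf_text):
    """Return (line_no, acl_name, reason) for each ident_lookup_access problem."""
    acl_types = parse_acl_types(conf_text)
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] != "ident_lookup_access":
            continue
        if len(fields) < 3 or fields[1] not in ("allow", "deny"):
            findings.append((no, None, "malformed rule"))
            continue
        for ref in fields[2:]:
            name = ref.lstrip("!")  # a leading "!" negates the ACL
            kind = acl_types.get(name)
            if kind is None:
                findings.append((no, name, "undefined ACL"))
            elif kind not in TCP_LEVEL_TYPES:
                findings.append((no, name, f"type '{kind}' needs the HTTP request"))
    return findings

# Constructed sample configuration, not taken from the book.
SAMPLE = """\
# constructed sample
acl TheseClients src 10.0.0.0/255.255.255.0
acl MP3Files rep_mime_type audio/mpeg
acl BadSites dstdomain .example.com
ident_lookup_access allow TheseClients
ident_lookup_access allow TheseClients !BadSites
ident_lookup_access deny MP3Files
ident_lookup_access allow Unknown
ident_lookup_access deny all
"""

if __name__ == "__main__":
    for no, name, reason in check_ident_rules(SAMPLE):
        print(f"line {no}: {name}: {reason}")
```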
Name
tcp_outgoing_tos
Synopsis
This directive allows you to set specific DSCP (differential services code point) values for outgoing TCP connections—those made to origin servers and neighbors. The differential services protocol is quite complex. Simply using the example in the following table will get you nowhere. Make sure that you understand what you are doing before using this directive. See RFCs 2474, 2475, and 3140 for additional information on differential services.
Syntax
tcp_outgoing_tos byte-value [!]ACLname ...
Default
No default
Example
acl NormalService src 10.0.0.0/255.255.255.0
acl BetterService src 10.0.1.0/255.255.255.0
tcp_outgoing_tos 0x00 NormalService
tcp_outgoing_tos 0x20 BetterService
Name
tcp_outgoing_address
Synopsis
You can use this access list-based directive to bind outgoing TCP connections to specific local addresses. It might be useful if your system has multiple network interfaces, and you want to make sure all of Squid's traffic leaves through one and not the other. Another possibility is that you have two or more interfaces with different costs or characteristics. You may want to send privileged users' traffic through the expensive, uncongested link, while other users go out the cheap, low-quality connection. Don't use this directive if your system has only one network interface.
If you have a tcp_outgoing_address rule with no ACLs, that address is used for requests that don't match any of the other rules.
Syntax
tcp_outgoing_address