Access Control

Access control is one of the main reason to use a proxy. The ACL system of Squid has options to control almost every aspect of an HTTP request. Access control can be restricted by time of day, by domain/URI, by user (logging into proxy), and by content. Configuration files are processed sequentially.

To enable the ACL named hourlyworkers to only use the proxy during business hours, do:

acl workinghours time MTWHF 08:00-18:00
http_access allow hourlyworkers workinghours
http_access deny hourlyworkers

To restrict by a part of the URI, do:

acl banned_reddit url_regex ˆhttp://.*reddit.com/.*$
http_access deny banned_reddit

To allow only authenticated users to use the following configuration, do:

acl valid_users proxy_auth REQUIRED
http_access allow valid_users
http_access deny all

When building ACLs or configuration files for Squid, remember that the first match wins. Therefore, start your ACLs with the most specific options in the beginning.

Linux System Engineer (LF-ENG)

Modul 1

Course Introduction
Modul 2

Linux Networking: Concepts and Review

Modul 3

Network Configuration

Modul 4

Network Troubleshooting and Monitoring

Modul 5

Remote Access

Modul 6

Domain Name Service

Modul 7

HTTP Servers

Modul 8

Advanced HTTP Server

Modul 9

Email Servers

Modul 10

File Sharing

Modul 11

Advanced Networking

Modul 12

HTTP Caching

Modul 13

Network File Systems

Modul 14

Network Security

Modul 15

Firewalls

Modul 16

High Availability

Modul 17

Databases

Modul 18

System Log

Modul 19

Package Management