Re: [squid-users] acl user

Explains it well.. unfortunately it is not the terminology used in
squid.conf which made me a bit confused when you asked about classes
and operators..

classes == acl directive

operators == *_access directives.

There are many acl types defined by the acl directive. Some of them
refer to users, maninly the the proxy_auth acl type.

Regards
Henrik

On Wednesday 16 April 2003 04.54, George Dominguez wrote:
> Sorry, Henrik, I probably miss understood the following from the
> users guide
>
> Access Classes and Operators
>
>
> There are two elements to access control: classes and operators.
> Classes are defined with the acl squid.conf tag, while the names of
> the operators vary: the most common operator used is http_access.
>
>
> Classes. A class normally refers to a set of users. (A class can
> also refer to a list of destination domains, filename extensions
> and more, but for now let's start with the basics!). If you have 50
> people that are allowed Internet access, you could put all of their
> IP addresses in a list, and use that list as a "class of IP
> addresses that have Internet access".
>
>
> Operators. It's often useful to use one set of ACLs for ICP and
> another for HTTP. This way you can apply different sets of rules
> for different protocols; this comes in very useful when you have a
> number of peering arrangements. Most ISP's do not want their caches
> to be SNMP-queried by all of their customers: they do, however,
> want all their customers to have access to browser access. In
> short, you want one set of acls to apply to HTTP traffic, another
> to apply to SNMP - and that's exactly what you get. For each
> protocol there is a different acl-operator, examples include the
> http_access, icp_access and snmp_access tags. It's very important
> to note that there is a not an ftp_access type. FTP requests are
> passed to the cache using the HTTP format (it's just a different
> format URL that gets sent to the cache server). The proto acl type
> (discussed shortly, with examples!) allows you to deny access to
> the cache if it's FTP, HTTP, SSL etc.
>
>
>
>
>
>
> Henrik Nordstrom
> <hno@squid-cache. To: George
> Dominguez <GDominguez@mteliza.com.au> org> cc:
> squid-users@squid-cache.org Sent by: Subject:
> Re: [squid-users] acl user hno@marasystems.c
> om
>
>
> 15/04/2003 04:56
> PM
>
> George Dominguez wrote:
> > My question is: I see we have an operator type 'user', how do we
> > combine the operator 'user' in an acl?
>
> What operator type, where?
>
> Squid does not have a concept of "operator types".
>
>
> Squid does have proxy authentication, and you combine proxy
> authentication acls just like any other acl types.
>
> Please expand your question a bit.
>
> Regards
> Henrik
Received on Tue Apr 15 2003 - 23:55:00 MDT