Squid Proxy Configuration

Description
This will look client IP Address.

Example
1.This refers to the whole Network with address 172.16.1.0 – acl aclname src 172.16.1.0/24
2.This refers specific single IP Address – acl aclname src 172.16.1.25/32
3.This refers range of IP Addresses from 172.16.1.25-172.16.1.35 – acl aclname src 172.16.1.25-172.16.1.35/32

Note
While giving Netmask caution must be exerted in what value is given

Description
This is same as src with only difference refers Server IPaddress. First Squid will dns-lookup for IPAddress from the domain-name, which is in request header. Then this acl is interpreted.

Description
Since squid needs to reverse dns lookup (from client ip-address to client domain-name) before this acl is interpreted, it can cause processing delays. This lookup adds some delay to the request.

Example
acl aclname srcdomain .kovaiteam.com

Note
Here “.” is more important.

Description
This is the effective method to control specific domain

Example
acl aclname dstdomain .kovaiteam.com
Hence this looks for *.kovaiteam.com from URL
Hence this looks for *.kovaiteam.com from URL

Note
Here “.” is more important.

Description
Since squid needs to reverse dns lookup (from client ip-address to client domain-name) before this acl is interpreted, it can cause processing delays. This lookup adds some delay to the request

Example
acl aclname srcdom_regex kovai
Hence this looks for the word kovai from the client domain name

Note
Better avoid using this acl type to be away from latency.

Description
This is also an effective method as dstdomain

Example
acl aclname dstdom_regex kovai
Hence this looks for the word kovai from the client domain name

Description
Time of day, and day of week

Example
acl ACLTIME time M 9:00-17:00
ACLTIME refers day of Monday from 9:00 to 17:00.

Description
The url_regex means to search the entire URL for the regular expression you specify. Note that these regular expressions are case-sensitive. To make them case-insensitive, use the -i option.

Example
acl ACLREG url_regex cooking
ACLREG refers to the url containing “cooking” not “Cooking”

Description
The urlpath_regex regular expression pattern matching from URL but without protocol and hostname. Note that these regular expressions are case-sensitive

Example
acl ACLPATHREG urlpath_regex cooking
ACLPATHREG refers only containing “cooking” not “Cooking”; and without referring protocol and hostname.
If URL is http://www.squidconfiguration.com/folder/subdir/cooking/first.html then this acltype only looks after http://www.squidconfiguration.com .
In other words, if URL is http://www.squidconfiguration.com/folder/subdir/cooking/first.html then this acltype’s regex must match /folder/subdir/cooking/first.html .

Description
Access can be controlled by destination (server) port address

Example
This example allows http_access only to the destination 172.16.1.115:80 from network 172.16.1.0

acl acceleratedhost dst 172.16.1.115/255.255.255.255
acl acceleratedport port 80
acl mynet src 172.16.1.0/255.255.255.0
http_access allow acceleratedhost acceleratedport mynet
http_access deny all

Description
This specifies the transfer protocol

Example
acl aclname proto HTTP FTP
This refers protocols HTTP and FTP

Description
This specifies the type of the method of the request

Example
acl aclname method GET POST
This refers get and post methods only

Description
Regular expression pattern matching on the request’s user-agent header

Example
acl aclname browser MOZILLA
This refers to the requests, which are coming from the browsers who have “MOZILLA” keyword in the user-agent header.

Description
String matching on the user’s name

Example
You can use ident to allow specific users access to your cache. This requires that an ident server process runs on the user’s machine(s). In your squid.conf configuration file you would write something like this:

ident_lookup on
acl friends ident kim lisa frank joe
http_access allow friends
http_access deny all

Description
Regular expression pattern matching on the user’s name. String match on ident output. Use REQUIRED to accept any non-null ident

Example
You can use ident to allow specific users access to your cache. This requires that an ident server process run on the user’s machine(s). In your squid.conf configuration file you would write something like this:

ident_lookup on
acl friends ident_regex joe
This looks for the pattern “joe” in username

Description
source (client) Autonomous System number

Description
destination (server) Autonomous System number

Description
User authentication via external processes. proxy_auth requires an EXTERNAL authentication program to check username/password combinations (see authenticate_program ).

Example
acl ACLAUTH proxy_auth usha venkatesh balu deepa

This acl is for authenticating users usha, venkatesh, balu and deepa by external programs.

Warning
proxy_auth can’t be used in a transparent proxy. It collides with any authentication done by origin servers. It may seem like it works at first, but it doesn’t. When a Proxy-Authentication header is sent but it is not needed during ACL checking the username is NOT logged in access.log.

Description
This is same as proxy_auth with a difference. That is it matches the pattern with usernames, which are given in authenticate_program

Description
SNMP community string matching

Example
acl aclname snmp_community public
snmp_access aclname

Description
A limit on the maximum number of connections from a single client IP address. It is an ACL that will be true if the user has more than maxconn connections open. It is used in http_access to allow/deny the request just like all the other acl types.

Example
acl someuser src 1.2.3.4
acl twoconn maxconn 5
http_access deny someuser twoconn
http_access allow !twoconn

Note
maxconn acl requires client_db feature, so if you disabled that (client_db off) maxconn won’t work.

Description
Regular expression pattern matching on the request content-type header

Example
acl aclname req_mime_type text

This acl looks for the pattern “text” in request mime header