TAG NAME log_access

Description This options allows you to control which requests gets logged to access.log
Build Option
 Default
Usage
 log_access allow|deny acl acl…
Default
 none
Synopsis
Sometimes you will not be interested in certain access to be logged in the access.log file. This can be implemented using this tag as follows.

Arguments

allow/deny
 Allow or deny on matching the acl
aclname
 Access list to be allowed/denied on match

Example(s)
acl google url_regex ^http://www.google.co.in
log_access deny google
access_log /usr/local/Squid3.0pre3/var/logs/access.log common google
This will not log access to http://www.google.co.in into the access.log file.
Example(s)
(1) To allow http_access for only one machine with MAC Address 00:08:c7:9f:34:41

To use MAC address in ACL rules. Configure with option -enable-arp-acl.

acl all src 0.0.0.0/0.0.0.0
acl pl800_arp arp 00:08:c7:9f:34:41
http_access allow pl800_arp
http_access deny all

(2) To restrict access to work hours (9am – 5pm, Monday to Friday) from IP 192.168.2/24

acl ip_acl src 192.168.2.0/24
acl time_acl time M T W H F 9:00-17:00
http_access allow ip_acl time_acl
http_access deny all


(3) Can i use multitime access control list for different users for different timing.

Acl Defnitions,

acl abc src 172.161.163.85
acl xyz src 172.161.163.86
acl asd src 172.161.163.87
acl morning time 06:00-11:00
acl lunch time 14:00-14:30
acl evening time 16:25-23:59

Access Controls,

http_access allow abc morning
http_access allow xyz morning lunch
http_access allow asd lunch

This is wrong. The description follows:
Here access line “http_access allow xyz morning lunch” will not work. So ACLs are interpreted like this …

http_access RULE statement1 AND statement2 AND statement3 OR
http_access ACTION statement1 AND statement2 AND statement3 OR
……..


So, the ACL “http_access allow xyz morning lunch” will never work, as pointed, because at any given time, morning AND lunch will ALWAYS be false,
because both morning and lunch will NEVER be true at the same time. As one of them is false, and acl uses AND logical statement, 0/1 AND 0 will
always be 0 (false).

That’s because this line is in two. If now read,

http_access allow xyz AND morning OR
http_access allow xyz lunch


If request comes from xyz, and we’re in one of the allowed time, one of the rules will match TRUE. The other will obviously match FALSE. TRUE OR
FALSE will be TRUE, and access will be permitted.

Finally Access Control looks…

http_access allow abc morning
http_access allow xyz morning
http_access allow xyz lunch
http_access allow asd lunch
http_access deny all


(4) Rules are read from top to bottom. The first rule matched will be used. Other rules won’t be applied.

http_access allow xyz morning
http_access deny xyz
http_access allow xyz lunch


If xyz tries to access something in the morning, access will be granted. But if he tries to access something at lunchtime, access will be denied. It will be
denied by the deny xyz rule, that was matched before the ‘xyz lunch’ rule.