Operations: simple ACL access control configuration

Source: Internet
Author: User

Problem

Building on exercise three, write and apply an ACL policy that implements the following requirements:

    • Allow the network segment 192.168.4.0/24 to access the extranet through the proxy from Monday to Friday, 09:30 to 18:00

    • The host with IP address 192.168.4.205 cannot access the extranet through the proxy at any time

4.2 Solutions

Access control permissions are defined with acl directives.

The access control lists are then applied with http_access.

http_access policy and rule order:

    • http_access allows or denies a class of users access to the proxy, based on the access control list;

    • http_access rules are matched in the order in which they are written, and matching stops as soon as a rule matches;

    • An access list can consist of multiple rules;

    • If no rule matches the access request, the default action is determined by the last rule in the list;

    • http_access defines an allow rule with allow;

    • http_access defines a deny rule with deny.

4.3 steps

The implementation of this case needs to follow the steps below.

Step One: Configure the Squid access control list

1) Modify the configuration file

    [[email protected] ~]# vim /etc/squid/squid.conf
    .. ..
    # Define working hours (Monday to Friday, 09:30 to 18:00)
    acl work_hours time MTWHF 09:30-18:00
    # Define the network segment
    acl LAN1 src 192.168.4.0/24
    # Define the host
    acl PC1 src 192.168.4.205
    # Commented out
    #http_access allow localnet
    # Deny the host at all times; this must come before the LAN1 rule because the first matching rule wins
    http_access deny PC1
    # Allow hosts in the network segment to use the proxy server during working hours
    http_access allow LAN1 work_hours
    # Reject everything else
    http_access deny all

2) Restart Squid service

    [[email protected] ~]# service squid restart
    Stopping squid:                                            [  OK  ]
    Starting squid: .                                          [  OK  ]

Step Three: Client testing

Change the client's IP address and verify that the proxy server can be used only at the appropriate times.
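The rule order can also be checked offline before testing from a client. The following is an added example, not part of the original article: a small Python model of first-match http_access evaluation that uses the ACL names from this page and the requirement that 192.168.4.205 is always denied. The MISORDERED rule list, the function names and the sample dates are constructed for illustration.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# ACLs from this page, modelled as predicates over (source IP, request time).
# Squid day codes MTWHF = Monday..Friday (weekday() 0..4).
ACLS = {
    "work_hours": lambda ip, t: t.weekday() < 5 and time(9, 30) <= t.time() <= time(18, 0),
    "LAN1": lambda ip, t: ip in ip_network("192.168.4.0/24"),
    "PC1": lambda ip, t: ip == ip_address("192.168.4.205"),
    "all": lambda ip, t: True,
}

# Order that meets the requirement: the host-specific deny comes first.
CORRECT = """
http_access deny PC1
http_access allow LAN1 work_hours
http_access deny all
"""

# Constructed misordering: the LAN1 line matches PC1 first, so the deny is never reached.
MISORDERED = """
http_access allow LAN1 work_hours
http_access deny PC1
http_access deny all
"""

def parse(rules):
    """Turn 'http_access <allow|deny> <acl>...' lines into (action, [acl names])."""
    parsed = []
    for line in rules.strip().splitlines():
        directive, action, *names = line.split()
        if directive != "http_access" or action not in ("allow", "deny") or not names:
            raise ValueError(f"unsupported line: {line!r}")
        parsed.append((action, names))
    return parsed

def decide(rules, src, when):
    """ACLs on one line are ANDed; the first line whose ACLs all match decides."""
    parsed, ip = parse(rules), ip_address(src)
    for action, names in parsed:
        if all(ACLS[name](ip, when) for name in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if parsed[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    wed_10 = datetime(2024, 3, 6, 10, 0)  # constructed sample: a Wednesday, 10:00
    for label, rules in (("correct", CORRECT), ("misordered", MISORDERED)):
        for src in ("192.168.4.10", "192.168.4.205"):
            print(label, src, decide(rules, src, wed_10))
```

With the misordered list, 192.168.4.205 is allowed during working hours because it is also a member of LAN1 and that line matches first.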

