Use Squid ACLs and access lists to implement efficient access control

Source: Internet
Author: User
Tags reverse dns

Squid is software that caches Internet data. It receives users' download requests and handles the downloaded data automatically. When a user wants to download a home page, the user sends the request to Squid, and Squid downloads the page on the user's behalf: it connects to the requested website, requests the home page, sends it to the user and keeps a copy at the same time. When other users request the same page, Squid immediately sends them the saved copy, so the download feels quite fast. Squid can act as a proxy for HTTP, FTP, Gopher, SSL, WAIS, and so on. Squid does this automatically and can be configured as needed to filter out unwanted content.

Squid runs on many operating systems, such as AIX, Digital UNIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, NeXTSTEP, SCO, Solaris, OS/2, etc.

Using access control sensibly is very important. With the access control feature, you can control caching and access to a specific site or a group of sites during a specific time interval. Squid access control has two parts: ACL elements and access lists. An access list allows or denies access to the service for certain users. The following describes the ACL elements and how to use the access list.

1. ACL Element

An ACL element is defined with the following syntax:

acl aclname acltype string1…
acl aclname acltype "file"…

When a file is used, it contains one entry per line.

acltype can be src, dst, srcdomain, dstdomain, url_regex, urlpath_regex, time, port, proto, or method.

src: Specifies the source address. It can be written in the following ways:

acl aclname src ip-address/netmask ... (client IP address)
acl aclname src addr1-addr2/netmask ... (address range)

dst: Specifies the destination address, that is, the IP address of the server requested by the client. Syntax:

acl aclname dst ip-address/netmask ... 

srcdomain: Specifies the domain to which the client belongs. Squid performs a reverse DNS lookup on the client's IP address. Syntax:

acl aclname srcdomain foo.com ... 

dstdomain: Specifies the domain of the requested server, which is determined from the URL requested by the client. Syntax:

acl aclname dstdomain foo.com ...

Note: if the server's IP address is used instead of its full domain name, Squid performs a reverse DNS lookup to determine the full domain name. If the lookup fails, the name is recorded as "NONE".

time: Specifies the access time. Syntax:

acl aclname time [day-abbrevs] [h1:m1-h2:m2][hh:mm-hh:mm]

The day abbreviations are as follows:

  1. S: Sunday
  2. M: Monday
  3. T: Tuesday
  4. W: Wednesday
  5. H: Thursday
  6. F: Friday
  7. A: Saturday

In addition, h1:m1 must be smaller than h2:m2, and the expression has the form [hh:mm-hh:mm].
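The time rules above, as an added example that is not part of the original article and is not Squid's own code: a small Python checker that parses time ACL lines using only the day letters listed here and enforces that h1:m1 is smaller than h2:m2. The function names, the sample ACL names and the inclusive end of the range are assumptions of this sketch.

```python
import re
from datetime import datetime

# Day letters as listed above, mapped to datetime.weekday() (Monday == 0).
DAYS = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}
LINE = re.compile(
    r"^acl\s+(\S+)\s+time(?:\s+([SMTWHFA]+))?"
    r"(?:\s+(\d{1,2}):(\d{2})-(\d{1,2}):(\d{2}))?$"
)


def parse_time_acl(line):
    """Parse 'acl NAME time [days] [h1:m1-h2:m2]' into (name, days, start, end)."""
    m = LINE.match(line.strip())
    if not m or (m.group(2) is None and m.group(3) is None):
        raise ValueError(f"not a usable time ACL: {line!r}")
    name, days, h1, m1, h2, m2 = m.groups()
    day_set = {DAYS[d] for d in days} if days else set(DAYS.values())
    if h1 is None:
        return name, day_set, 0, 24 * 60  # no range given: the whole day
    start, end = int(h1) * 60 + int(m1), int(h2) * 60 + int(m2)
    if int(m1) > 59 or int(m2) > 59 or end > 24 * 60:
        raise ValueError(f"{name}: time out of range")
    if start >= end:
        # h1:m1 must be smaller than h2:m2, so one range cannot cross midnight.
        raise ValueError(f"{name}: h1:m1 must be smaller than h2:m2")
    return name, day_set, start, end


def matches(acl, when):
    """True if 'when' is on a listed day and inside the range (end inclusive: assumption)."""
    _, day_set, start, end = acl
    minute = when.hour * 60 + when.minute
    return when.weekday() in day_set and start <= minute <= end


if __name__ == "__main__":
    # Constructed sample lines; the ACL names are hypothetical.
    for text in ("acl workhours time MTWHF 09:00-17:00", "acl night time 22:00-06:00"):
        try:
            acl = parse_time_acl(text)
            print(acl[0], matches(acl, datetime(2024, 1, 3, 10, 30)))  # a Wednesday
        except ValueError as err:
            print("rejected:", err)
```

A window that crosses midnight is rejected by the h1:m1 < h2:m2 rule, so it has to be written as two ranges (for example 22:00-23:59 and 00:00-06:00) whose results are then combined.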

port: Specifies the access port. You can specify multiple ports, for example:

acl aclname port 80 70 21 ...
acl aclname port 0-1024 ... (specify a port range)

proto: Specifies the protocol used. You can specify multiple protocols:

acl aclname proto HTTP FTP ...

method: Specifies the request method. For example:

acl aclname method GET POST ...

url_regex: Matches the URL against a regular expression. Syntax:

acl aclname url_regex [-i] pattern

urlpath_regex: Matches the URL path against a regular expression, skipping the protocol and host name. Syntax:

acl aclname urlpath_regex [-i] pattern

When using the preceding ACL elements, pay attention to the following points:

  1. acltype can be any of the names defined for ACLs.
  2. No two ACL elements may have the same name.
  3. Each ACL consists of a list of values. During matching, the values are combined with a logical OR. In other words, if any one value of an ACL element matches, the ACL element matches.
  4. Not every ACL element can be used with every type of access list.
  5. Different ACL elements are written on separate lines. Squid combines these elements into a list.
