squid-cache.org

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

	Allowing or Denying access based on defined access lists

	Access to the HTTP port:
	http_access allow|deny [!]aclname ...

	NOTE on default values:

	If there are no "access" lines present, the default is to deny
	the request.

	If none of the "access" lines cause a match, the default is the
	opposite of the last line in the list.  If the last line was
	deny, the default is allow.  Conversely, if the last line
	is allow, the default will be deny.  For these reasons, it is a
	good idea to have an "deny all" entry at the end of your access
	lists to avoid potential confusion.

	This clause supports both fast and slow acl types.
	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.