Time for action – using a request protocol to construct access rules
Let's say we want to deny all FTP requests from a particular subnet, known as research labs. The configuration should look similar to the following:
acl ftp_requests proto FTP
acl research_labs src 192.0.2.0/24
http_access deny research_labs ftp_requests
The previous configuration lines will instruct Squid to deny all the FTP requests from the network 192.0.2.0/24.
Note
Please note that some firewalls block active FTP by default. Please check http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html for more information.
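The following sketch is an added example, not code from the book or from Squid. It models how the FTP rule above is evaluated: ACLs named on one http_access line are ANDed, the first matching line wins, and if no line matches, the result is the opposite of the last line. The function names are hypothetical, and only the proto and src ACL types (with CIDR values) are modelled.

```python
import ipaddress

# Constructed copy of the three directives shown in the text above.
CONFIG = """\
acl ftp_requests proto FTP
acl research_labs src 192.0.2.0/24
http_access deny research_labs ftp_requests
"""

def parse(config):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {}, []
    for line in config.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            # Repeated acl lines with the same name add more values (ORed).
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, proto):
    kind, values = acl
    if kind == "proto":
        # Case is normalised here for convenience (assumption of this sketch).
        return proto.upper() in (v.upper() for v in values)
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    raise ValueError(f"ACL type not modelled in this sketch: {kind}")

def decide(config, client_ip, proto):
    """Return 'allow' or 'deny' for one request."""
    acls, rules = parse(config)
    for action, names in rules:
        # Every ACL on the line must match (AND); first matching line wins.
        if all(acl_matches(acls[n], client_ip, proto) for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: request is denied
    # Nothing matched: the default is the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"
```

With only these three lines, an HTTP request from 192.0.2.17 and an FTP request from any other network both fall through to the implicit default and are allowed, which is why the order and the final http_access line of a real squid.conf matter.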
Apart from the previously mentioned standard schemes, we have a Squid-specific URL scheme called cache_object, which is used for the cache manager (cachemgr) interface. By default, the cache manager can only be accessed from the Squid proxy server itself because of the following code in squid.conf:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
http_access allow manager localhost
http_access...