squid-cache : ACL elements

***** ACL TYPES AVAILABLE *****

• src: source (client) IP addresses
• dst: destination (server) IP addresses
• myip: the local IP address of a client's connection
• arp: Ethernet (MAC) address matching
• srcdomain: source (client) domain name
• dstdomain: destination (server) domain name
• srcdom_regex: source (client) regular expression pattern matching
• dstdom_regex: destination (server) regular expression pattern matching
• src_as: source (client) Autonomous System number
• dst_as: destination (server) Autonomous System number
• peername: name tag assigned to the cache_peer where request is expected to be sent.
• time: time of day, and day of week
• url_regex: URL regular expression pattern matching
• urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname
• port: destination (server) port number
• myport: local port number that client connected to
• myportname: name tag assigned to the squid listening port that client connected to
• proto: transfer protocol (http, ftp, etc)
• method: HTTP request method (get, post, etc)
• http_status: HTTP response status (200 302 404 etc.)
• browser: regular expression pattern matching on the request user-agent header
• referer_regex: regular expression pattern matching on the request http-referer header
• ident: string matching on the user's name
• ident_regex: regular expression pattern matching on the user's name
• proxy_auth: user authentication via external processes
• proxy_auth_regex: regular expression pattern matching on user authentication via external processes
• snmp_community: SNMP community string matching
• maxconn: a limit on the maximum number of connections from a single client IP address
• max_user_ip: a limit on the maximum number of IP addresses one user can login from
• req_mime_type: regular expression pattern matching on the request content-type header
• req_header: regular expression pattern matching on a request header content
• rep_mime_type: regular expression pattern matching on the reply (downloaded content) content-type header. This is only usable in the http_reply_access directive, not http_access.
• rep_header: regular expression pattern matching on a reply header content. This is only usable in the http_reply_access directive, not http_access.
• external: lookup via external acl helper defined by external_acl_type
• user_cert: match against attributes in a user SSL certificate
• ca_cert: match against attributes a users issuing CA SSL certificate
• ext_user: match on user= field returned by external acl helper defined by external_acl_type
• ext_user_regex: regular expression pattern matching on user= field returned by external acl helper defined by external_acl_type

 Sumber : http://wiki.squid-cache.org