#!/bin/csh -f
#
# Usage: SETACL outputfile
#
# $Id: SETACL,v 1.1.1.1 2003/02/21 16:47:37 lmwang Exp $
#

if ($#argv < 1) then
    echo "Usage: $0 outputfile"
    exit 1
endif

set outfile = "$1"

#
# Let them change desired access control level
#
echo " "
echo "Configure desired cache access control level:"
echo " "
echo "1. Default"
echo "HTTP access only from IPs within the same subnet, only to valid ports."
echo "(good for many forward proxy applications)"
echo " "
echo "2. Unrestricted client IP"
echo "HTTP access from any IP, but only to valid ports."
echo "(good for many reverse proxy applications)"
echo " "
echo "3. Unrestricted"
echo "HTTP access from any IP and to any port"
echo " "
echo -n "Enter choice [default 1]: "
set  acclevel = "$<"

echo " "

if (x"$acclevel" == x) then
    set acclevel = 1
endif

if (x"$acclevel" != x1 && x"$acclevel" != x2 && x"$acclevel" != x3) then
    echo "Unknown access control level -- assuming default."
    echo " "
    set acclevel = 1
endif

rm -f $outfile

if (x"$acclevel" == x1) then
    cat > $outfile <<EOF
acl all src all
acl subnets src subnets
acl SSL_ports port 443 563 1025-65535
acl Safe_ports port 80 21 443 563 70 210 280 554 488 591 777 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny !SSL_ports CONNECT
http_access allow subnets
http_access deny all
icp_access deny all
snmp_access deny all
miss_access allow all
EOF
else if (x"$acclevel" == x2) then
    cat > $outfile <<EOF
acl all src all
acl SSL_ports port 443 563 1025-65535
acl Safe_ports port 80 21 443 563 70 210 280 554 488 591 777 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny !SSL_ports CONNECT
http_access allow all
icp_access deny all
snmp_access deny all
miss_access allow all
EOF
else if (x"$acclevel" == x3) then
    cat > $outfile <<EOF
acl all src all
http_access allow all
icp_access deny all
snmp_access deny all
miss_access allow all
EOF
endif