src: source (client) IP addresses

dst: destination (server) IP addresses

myip: the local IP address of a client's connection

arp: Ethernet (MAC) address matching

srcdomain: source (client) domain name

dstdomain: destination (server) domain name

srcdom_regex: source (client) regular expression pattern matching

dstdom_regex: destination (server) regular expression pattern matching

src_as: source (client) Autonomous System number

dst_as: destination (server) Autonomous System number

peername: name tag assigned to the cache_peer where request is expected to be sent.

time: time of day, and day of week

url_regex: URL regular expression pattern matching

urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname

port: destination (server) port number

myport: local port number that client connected to

myportname: name tag assigned to the squid listening port that client connected to

proto: transfer protocol (http, ftp, etc)

method: HTTP request method (get, post, etc)

http_status: HTTP response status (200 302 404 etc.)

browser: regular expression pattern matching on the request user-agent header

referer_regex: regular expression pattern matching on the request http-referer header

ident: string matching on the user's name

ident_regex: regular expression pattern matching on the user's name

proxy_auth: user authentication via external processes

proxy_auth_regex: regular expression pattern matching on user authentication via external processes

snmp_community: SNMP community string matching

maxconn: a limit on the maximum number of connections from a single client IP address

max_user_ip: a limit on the maximum number of IP addresses one user can login from

req_mime_type: regular expression pattern matching on the request content-type header

req_header: regular expression pattern matching on a request header content

rep_mime_type: regular expression pattern matching on the reply (downloaded content) content-type header. This is only usable in the http_reply_access directive, not http_access.

rep_header: regular expression pattern matching on a reply header content. This is only usable in the http_reply_access directive, not http_access.

external: lookup via external acl helper defined by external_acl_type

user_cert: match against attributes in a user SSL certificate

ca_cert: match against attributes a users issuing CA SSL certificate

ext_user: match on user= field returned by external acl helper defined by external_acl_type

ext_user_regex: regular expression pattern matching on user= field returned by external acl helper defined by external_acl_type