[conspire] Squid and ACL's - Need Guidance

Peter Knaggs peter.knaggs at gmail.com
Sun Feb 12 19:14:49 PST 2006

On 2/10/06, Alan <ajd at adavies.net> wrote:

> acl sitexxxcom dstdomain sitexxx.com
> http_access deny sitexxxcom
> http_access allow all

Hi Alan,

   I've only used squid once as a way of caching
   debian packages when installing multiple machines
   with debian. I remember the acl stuff was very
   confusing. I think that it's easy to get it
   backwards, i.e. when you say "allow all" it
   might ignore any deny rule, but I don't want to
   steer you wrong, just we'll probably need to go
   back and re-read the squid documentation.

   In my case, I needed to allow only hosts on
   the following three subnets to access the squid
   proxy (these were accesses *from* the internal
   network, not *to* the internet) so I used:

  acl our_networks src
  http_access allow our_networks

   But I guess that's the opposite of what you're
   doing, where you want to exclude only some websites
   from being accessed *by* squid.

   So could it be, you're using completely the wrong
   area of squid configuration? Unfortuantely, I'm
   only a squid newbie (one-time user), so I can't
   tell you the right way, other than perhaps to
   go back over the squid docs one more time.
   I remmeber they were mighty-confusing, so best
   of luck...


More information about the conspire mailing list