[conspire] Squid and ACL's - Need Guidance
Peter Knaggs
peter.knaggs at gmail.com
Sun Feb 12 19:14:49 PST 2006
On 2/10/06, Alan <ajd at adavies.net> wrote:
> acl sitexxxcom dstdomain sitexxx.com
> http_access deny sitexxxcom
> http_access allow all
Hi Alan,
I've only used squid once as a way of caching
debian packages when installing multiple machines
with debian. I remember the acl stuff was very
confusing. I think that it's easy to get it
backwards, i.e. when you say "allow all" it
might ignore any deny rule, but I don't want to
steer you wrong, just we'll probably need to go
back and re-read the squid documentation.
In my case, I needed to allow only hosts on
the following three subnets to access the squid
proxy (these were accesses *from* the internal
network, not *to* the internet) so I used:
acl our_networks src 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
http_access allow our_networks
But I guess that's the opposite of what you're
doing, where you want to exclude only some websites
from being accessed *by* squid.
So could it be, you're using completely the wrong
area of squid configuration? Unfortuantely, I'm
only a squid newbie (one-time user), so I can't
tell you the right way, other than perhaps to
go back over the squid docs one more time.
I remmeber they were mighty-confusing, so best
of luck...
Peter.
More information about the conspire
mailing list