JeffBeall
asked on
squid
i have squid running on a fedora box. i want to make an entry in the squid.conf to allow everything and then have a block list - so kind of the opposite of what i currently have - for example one of my entries looks like this.
# walkup kiosk
acl blockedsites src 172.16.26.100
acl oksites dstdomain "/etc/squid/allowedsites.a cl"
http_access allow blockedsites oksites
I'm just not sure what the syntax would be. any ideas?
# walkup kiosk
acl blockedsites src 172.16.26.100
acl oksites dstdomain "/etc/squid/allowedsites.a
http_access allow blockedsites oksites
I'm just not sure what the syntax would be. any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
this sounds like what i want, but in the following
http_access deny blockedsites
http_access allow all
after deny - would i have to tell squid where blockedsites is? I mean isn't blockedsites a list? do i need to begin these line with acl?
also, how could i use the above command on a block of ip's?
http_access deny blockedsites
http_access allow all
after deny - would i have to tell squid where blockedsites is? I mean isn't blockedsites a list? do i need to begin these line with acl?
also, how could i use the above command on a block of ip's?
The problem is that you have defined blockedsites as a network IP.
acl blockedsites src 172.116.26.100
you can deny it access while allowing all else
http_access deny blockedsites
http_access allow all
Double check what it is you want to block and to where.
acl blockedsites src 172.116.26.100
you can deny it access while allowing all else
http_access deny blockedsites
http_access allow all
Double check what it is you want to block and to where.
ASKER
" The problem is that you have defined blockedsites as a network IP."
i am new to squid - and the vast majority of my entries in squid.conf is the result of google. so if that entry isn't correct i have no problem removing it.
mostly i want to allow access to everything but a list of blocked sites - i would like a list so that as needed i could just add to the list and restart the squid service.
i am new to squid - and the vast majority of my entries in squid.conf is the result of google. so if that entry isn't correct i have no problem removing it.
mostly i want to allow access to everything but a list of blocked sites - i would like a list so that as needed i could just add to the list and restart the squid service.
Suppose you want to block access to facebook and youtube:
acl blockedsites dstdomain .facebook.com .youtube.com
or
acl blockedsites dstdomain "/etc/squid/blockedsites.t
and put the forbidden sites in that text file.
ASKER
so it would be
acl blockedsites dstdomain "/etc/squid/blockedsites.t xt"
http_access allow all
?
acl blockedsites dstdomain "/etc/squid/blockedsites.t
http_access allow all
?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you! this worked perfectly.
http_access deny blockedsites
http_access allow all
(the order of these is important, first block specific things, then allow the rest)