[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 590
  • Last Modified:

squid proxy

i have a fedora box running squid as a proxy server. currently it is blocking everything but a few websites for a few of the pc's i take care off. the squid.conf file has entries like this

#walkup kiosk
acl blksites src 172.16.26.23
acl oksites dstdomain "/etc/squid/allowsites.acl"
http_access allow blksites oksites

# tom's pc
acl tomblksites src 172.16.26.26
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites

and so on - now i need, for the rest of the pc's ( so about 40 ) to allow everything and block only a few things like facebook. i found the convenience of the list very nice, so that i could add to the list and just restart the service. i've been told that squid reads the conf file from the top down. so i guess if i where to put something like
http_access allow all
at the bottom as the last entry - would that mean that all the entries above would be ignored, and then the pc's that are suppose to have everything blocked but a few sites would now be allowed all sites? is it possible to have the rules on the same server? or would i need a proxy to block everything and allow a few sites - and a proxy to allow everything and block a few?
0
JeffBeall
Asked:
JeffBeall
1 Solution
 
DonConsolioCommented:
- the ACLs are processed from top to bottom
- whenever a rule is matching processing stops and the rule is applied

try something like this:

acl mynet src 172.16.0.0/255.255.0.0

#walkup kiosk
acl blksites src 172.16.26.23
acl oksites dstdomain "/etc/squid/allowsites.acl"
#allow some sited for kiosk
http_access allow blksites oksites
# deny all the rest for kiosk
http_access deny blksites

# tom's pc
acl tomblksites src 172.16.26.26
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites
http_access deny tomblksites

http_access allow mynet



0
 
JeffBeallAuthor Commented:
thank you, that worked just how i wanted it to.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now