Solved

squid proxy

Posted on 2011-03-10
2
583 Views
Last Modified: 2012-05-11
i have a fedora box running squid as a proxy server. currently it is blocking everything but a few websites for a few of the pc's i take care off. the squid.conf file has entries like this

#walkup kiosk
acl blksites src 172.16.26.23
acl oksites dstdomain "/etc/squid/allowsites.acl"
http_access allow blksites oksites

# tom's pc
acl tomblksites src 172.16.26.26
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites

and so on - now i need, for the rest of the pc's ( so about 40 ) to allow everything and block only a few things like facebook. i found the convenience of the list very nice, so that i could add to the list and just restart the service. i've been told that squid reads the conf file from the top down. so i guess if i where to put something like
http_access allow all
at the bottom as the last entry - would that mean that all the entries above would be ignored, and then the pc's that are suppose to have everything blocked but a few sites would now be allowed all sites? is it possible to have the rules on the same server? or would i need a proxy to block everything and allow a few sites - and a proxy to allow everything and block a few?
0
Comment
Question by:JeffBeall
2 Comments
 
LVL 15

Accepted Solution

by:
DonConsolio earned 500 total points
ID: 35103854
- the ACLs are processed from top to bottom
- whenever a rule is matching processing stops and the rule is applied

try something like this:

acl mynet src 172.16.0.0/255.255.0.0

#walkup kiosk
acl blksites src 172.16.26.23
acl oksites dstdomain "/etc/squid/allowsites.acl"
#allow some sited for kiosk
http_access allow blksites oksites
# deny all the rest for kiosk
http_access deny blksites

# tom's pc
acl tomblksites src 172.16.26.26
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites
http_access deny tomblksites

http_access allow mynet



0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35116621
thank you, that worked just how i wanted it to.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question