squid proxy

Posted on 2011-03-10
Last Modified: 2012-05-11
i have a fedora box running squid as a proxy server. currently it is blocking everything but a few websites for a few of the pc's i take care off. the squid.conf file has entries like this

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
http_access allow blksites oksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites

and so on - now i need, for the rest of the pc's ( so about 40 ) to allow everything and block only a few things like facebook. i found the convenience of the list very nice, so that i could add to the list and just restart the service. i've been told that squid reads the conf file from the top down. so i guess if i where to put something like
http_access allow all
at the bottom as the last entry - would that mean that all the entries above would be ignored, and then the pc's that are suppose to have everything blocked but a few sites would now be allowed all sites? is it possible to have the rules on the same server? or would i need a proxy to block everything and allow a few sites - and a proxy to allow everything and block a few?
Question by:JeffBeall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 15

Accepted Solution

DonConsolio earned 500 total points
ID: 35103854
- the ACLs are processed from top to bottom
- whenever a rule is matching processing stops and the rule is applied

try something like this:

acl mynet src

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
#allow some sited for kiosk
http_access allow blksites oksites
# deny all the rest for kiosk
http_access deny blksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites
http_access deny tomblksites

http_access allow mynet


Author Closing Comment

ID: 35116621
thank you, that worked just how i wanted it to.

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ready for our next Course of the Month? Here's what's on tap for June.
Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question