Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


squid proxy

Posted on 2011-03-10
Medium Priority
Last Modified: 2012-05-11
i have a fedora box running squid as a proxy server. currently it is blocking everything but a few websites for a few of the pc's i take care off. the squid.conf file has entries like this

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
http_access allow blksites oksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites

and so on - now i need, for the rest of the pc's ( so about 40 ) to allow everything and block only a few things like facebook. i found the convenience of the list very nice, so that i could add to the list and just restart the service. i've been told that squid reads the conf file from the top down. so i guess if i where to put something like
http_access allow all
at the bottom as the last entry - would that mean that all the entries above would be ignored, and then the pc's that are suppose to have everything blocked but a few sites would now be allowed all sites? is it possible to have the rules on the same server? or would i need a proxy to block everything and allow a few sites - and a proxy to allow everything and block a few?
Question by:JeffBeall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 15

Accepted Solution

DonConsolio earned 2000 total points
ID: 35103854
- the ACLs are processed from top to bottom
- whenever a rule is matching processing stops and the rule is applied

try something like this:

acl mynet src

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
#allow some sited for kiosk
http_access allow blksites oksites
# deny all the rest for kiosk
http_access deny blksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites
http_access deny tomblksites

http_access allow mynet


Author Closing Comment

ID: 35116621
thank you, that worked just how i wanted it to.

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question