squid proxy

Posted on 2011-03-10
Medium Priority
Last Modified: 2012-05-11
i have a fedora box running squid as a proxy server. currently it is blocking everything but a few websites for a few of the pc's i take care off. the squid.conf file has entries like this

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
http_access allow blksites oksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites

and so on - now i need, for the rest of the pc's ( so about 40 ) to allow everything and block only a few things like facebook. i found the convenience of the list very nice, so that i could add to the list and just restart the service. i've been told that squid reads the conf file from the top down. so i guess if i where to put something like
http_access allow all
at the bottom as the last entry - would that mean that all the entries above would be ignored, and then the pc's that are suppose to have everything blocked but a few sites would now be allowed all sites? is it possible to have the rules on the same server? or would i need a proxy to block everything and allow a few sites - and a proxy to allow everything and block a few?
Question by:JeffBeall
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 15

Accepted Solution

DonConsolio earned 2000 total points
ID: 35103854
- the ACLs are processed from top to bottom
- whenever a rule is matching processing stops and the rule is applied

try something like this:

acl mynet src

#walkup kiosk
acl blksites src
acl oksites dstdomain "/etc/squid/allowsites.acl"
#allow some sited for kiosk
http_access allow blksites oksites
# deny all the rest for kiosk
http_access deny blksites

# tom's pc
acl tomblksites src
acl tomoksites dstdomain "/etc/squid/allowsites.acl"
http_access allow tomblksites tomoksites
http_access deny tomblksites

http_access allow mynet


Author Closing Comment

ID: 35116621
thank you, that worked just how i wanted it to.

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question