Squid: ACL filters?

From: F. Jacot Guillarmod <ccfj@dont-contact.us>
Date: Wed, 19 Jun 1996 10:30:45 +0200 (GMT+0200)


I'm confused about squid filters, but being behind slow, congested and
expensive Internet links it's probably worthwhile learning as much as
possible about their creative use.

The idea behind the following construction is to stop access to a
particular site (or sites as specified by the pattern) during a certain
time period. The access should be applicable to the single host specified:

acl WORK time MTWHF 08:00-17:00
acl FRIVOLOUS pattern .junk.com
acl HOST src

http_access deny FRIVOLOUS WORK HOST

Problem is this doesn't seem to work, and it's not clear why, other than
my incomplete grasp of how ACL's are supposed to function. Any
corrections or ideas as to how this would be correctly implemented?

The next step, once this is resolved, is how to set up an acl "src"
filter that could block out ranges of addresses, e.g. undergraduate
laboratories where the IP network numbers fall into the following
ranges (for example):,,,,,,

The point with the above address ranges is that they're on different
subnets, are not necessarily contiguous, and there are other
workstations within those subnets which still need access. The
DNS names of all these workstations do contain the string "-lab-".

Many thanks,

 F.F. Jacot Guillarmod - Computing Services - Rhodes University - Grahamstown
   Internet: ccfj@hippo.ru.ac.za   Phone: +27 461 318284 Fax: +27 461 25049
   The views expressed above are not necessarily those of Rhodes University
Received on Wed Jun 19 1996 - 01:31:45 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:31 MST