Re: restrict hosts to particular domains

From: Henrik Nordstrom <>
Date: Wed, 03 May 2000 08:48:58 +0200 wrote:
> try this modified stuff:
> > How do I define on my squid.conf file to restrict particular IPs to
> > access only certain domains?
> >
> > I've tried doing the ff:
> >
> > acl allowedsites dstdomain
> > acl allowedhost src
> >
> ># Remove this line--> http_access allow allowedsites
> > http_access allow allowedhost allowed_sites
> > http_access deny all
> the line marked remove is actually allowing the allowedsites to access
> anything, by just putting the second and third line, you allow them to the
> allowed_sites but nowhere else...

Not quite.

The first line allows everyone access to the host

The second line is bungled in two ways:
a) There is no allowed_sites ACL defined
b) The allowedsites ACL is wrongly defined if your intention is to only
match those 6 addresses. The netmask masks out the addresses and the ACL
matches the whole class-C subnet. IP host ranges are better written
without any netmask.

However, this does not explain the behaviour you are seeing.

Is there any other http_access lines before your "deny all" line?
Is there any warnings about missing ACL declarations in cache.log when
Squid is starting up?
How is the ACL "all" defined? It SHOULD and MUST be defined as, nothing else.

Henrik Nordstrom
Squid hacker
Received on Wed May 03 2000 - 00:54:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:15 MST