[squid-users] Re: How to restrict access to designated client IP address blocks in Squid configuration?

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 21 Sep 2009 23:16:41 +0200

mån 2009-09-21 klockan 13:54 -0700 skrev Guy Bashkansky:
> Using Squid as a reverse cache proxy, need to give access only to
> clients whose IP addresses are from particular netblocks:
>
> acl service dstdomain .foo.com
> acl clients src 123.45.67.89/255.255.255.128
> http_access deny service all
> http_access allow service clients
>
> What may be the possible reason that clients with IP addresses not
> from that netblock can still access the service?

The above would deny everyone access.

http_access is read top-down and the first matching rule is used. Any
rules following that is ignored.

Probably you have other http_access rules above allowing access..

Regards
Henrik
Received on Mon Sep 21 2009 - 21:16:47 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 22 2009 - 12:00:02 MDT