Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)

From: Sachin Gupta <>
Date: Tue, 15 Oct 2013 12:58:53 +0530

Thanks Amos.

For handling subnets, do I need to create a separate ACL, or can it be
clubbed in the list of IPs?

acl aclname dst [-n] ip-address/mask

acl aclname dst "subnets_file"

The documentation mentions that this is a slow acl.
How does this work actually? Is it so that for each request, a dns
query is done and matched against this acl?


On Tue, Oct 15, 2013 at 9:44 AM, Amos Jeffries <> wrote:
> On 15/10/2013 4:59 p.m., Sachin Gupta wrote:
>> Hi All,
>> I have setup a list of URLs and IPs dumped into a file which need to
>> be blocked.
>> acl is setup as per documentation:
> ??
>> However, upon testing, the IPs are not getting blocked. Also there are
>> some subnets in the same file. Those are also not getting blocked.
>> Is there a special handling required here? or this approach is
>> incorrect for blocking IPs or subnets?
> Based on the description I guess you have one file with a mix of things to
> block on.
> You need the file to be separated into different sets of properties.
> For example:
> * one list of IPs
> * one list of domains
> * one list of full-URL regex patterns
> * one list of path-only regex patterns
> Each set needs to be configured as a different ACL name and type defining
> what property of the transaction is to be tested against the values listed in
> that set.
> Then the http_access controls designed to test the ACLs and determine
> whether it gets allowed/denied when the ACL matches.
> More details can be found at
> Amos
Received on Tue Oct 15 2013 - 07:29:00 MDT
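
The split Amos describes, as an added example that is not part of the original thread or of Squid itself: a Python sketch that sorts a mixed blocklist into one list per Squid ACL type (dst, dstdomain, url_regex, urlpath_regex) and prints matching acl/http_access lines. The sample entries, the blocked_* ACL names and the /etc/squid/blocklists path are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of a mixed blocklist (not taken from the thread).
SAMPLE = """\
192.0.2.10
198.51.100.0/24
.example.com
ads.example.net
http://example.org/bad/path
^/cgi-bin/.*\\.exe$
"""
KINDS = ("dst", "dstdomain", "url_regex", "urlpath_regex")
HOST_RE = re.compile(r"^\.?([a-z0-9-]+\.)+[a-z]{2,}$", re.I)

def classify(entry):
    # Decide which Squid ACL type can test this entry.
    try:
        # dst takes single addresses and address/mask entries alike.
        ipaddress.ip_network(entry, strict=False)
        return "dst"
    except ValueError:
        pass
    if HOST_RE.match(entry):
        return "dstdomain"
    if re.match(r"^(https?|ftp)://", entry, re.I):
        return "url_regex"
    if entry.startswith(("/", "^/")):
        return "urlpath_regex"
    return "unknown"  # left for manual review

def split_blocklist(text):
    buckets = {kind: [] for kind in KINDS + ("unknown",)}
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        kind = classify(entry)
        if kind == "url_regex":
            # A literal URL becomes an anchored, escaped pattern.
            entry = "^" + re.escape(entry)
        buckets[kind].append(entry)
    return buckets

def squid_conf(buckets, directory="/etc/squid/blocklists"):
    # Hypothetical ACL names and directory; one ACL per property tested.
    lines = []
    for kind in KINDS:
        if buckets[kind]:
            name = "blocked_" + kind
            lines.append(f'acl {name} {kind} "{directory}/{name}.txt"')
            lines.append(f"http_access deny {name}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(squid_conf(split_blocklist(SAMPLE)))
```

Each bucket would be written to its own file, and the generated http_access deny lines need to sit above any http_access allow rule in squid.conf to take effect.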
