  1. #1

    Hightower's Avatar

    Squid3 - ACL

    I've just installed a squid server and am trying to have it so all sites are blocked unless they are in a file that we have added (a whitelist basically).

    Can anybody assist me in how to achieve this? Followed this guide
    SquidFaq/SquidAcl - Squid Web Proxy Wiki
    But it isn't working for me? What am I doing wrong? Here are the relevant parts of the conf

    Code:
    acl AllowedSites dstdomain "/etc/squid3/AllowedSites"
    acl localnet src 10.0.0.0/8
    Code:
    http_access allow localnet
    http_access allow AllowedSites
    http_access deny all

  2. #2


    Quote Originally Posted by Hightower View Post
    Code:
    acl AllowedSites dstdomain "/etc/squid3/AllowedSites"
    acl localnet src 10.0.0.0/8
    Code:
    http_access allow localnet
    http_access allow AllowedSites
    http_access deny all
    I'm working from memory here using Squid 2.* as a reference, but parsed that reads (iirc): Let everyone from the local network access stuff. Let everyone access the sites in allowed sites. Deny everyone else.

    Try changing to:
    Code:
    http_access deny !localnet
    http_access deny !AllowedSites
    http_access deny all
    Which says "if you're not on a 10.*, no access. If you're not looking at a whitelisted site, no access." You may need an allow in there somewhere, I don't have a squid.conf in front of me.
    Last edited by pete; 16th January 2009 at 05:51 PM.

  3. #3

    Hightower's Avatar
    Right - sussed it with this:

    Code:
    http_access deny !localnet
    http_access allow allowedsites
    http_access deny all
    P.S. How do I restart the squid server from a website (i.e. Click here to restart server)

  4. #4
    wensleydale's Avatar
    Have you installed webmin? This is one of the best web-based remote server control. In webmin go to servers>>squid>>start/stop Squid

  5. #5

    Hightower's Avatar
    Quote Originally Posted by wensleydale View Post
    Have you installed webmin? This is one of the best web-based remote server control. In webmin go to servers>>squid>>start/stop Squid
    No, I don't want to install webmin. I have a custom webpage and I want to be able to click a link on it to restart squid - is this possible?

  6. #6

    Key thing that I picked up in Squid is that it processes the lines in order. As soon as it comes to something which matches "allow" then it stops. In your example "allow localnet" comes first so anyone on "localnet" can do anything and that's why reversing the logic works - you're now saying "allow these sites" and "deny everything if they're not on my network"
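
The rule ordering discussed in this thread, as an added example (not code from any poster, and not Squid's own code): a small Python model of first-match `http_access` evaluation run over the three rule sets posted above. The client addresses, hostnames and whitelist entries are constructed sample values, and the ACL name is spelled as in the `acl` line.

```python
import ipaddress

# Constructed sample data: localnet as in the thread, whitelist entries made up.
LOCALNET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_SITES = [".example.org", "intranet.example.net"]

ORIGINAL = ["http_access allow localnet",       # post #1
            "http_access allow AllowedSites",
            "http_access deny all"]
SUGGESTED = ["http_access deny !localnet",      # post #2
             "http_access deny !AllowedSites",
             "http_access deny all"]
WORKING = ["http_access deny !localnet",        # post #3
           "http_access allow AllowedSites",
           "http_access deny all"]

def dstdomain_match(host, entries):
    """dstdomain: exact match; an entry with a leading dot also covers subdomains."""
    host = host.lower().rstrip(".")
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in (x.lower() for x in entries))

def acl_true(term, src, host):
    """Evaluate one ACL reference; a leading '!' negates it."""
    name = term.lstrip("!")
    checks = {"all": lambda: True,
              "localnet": lambda: ipaddress.ip_address(src) in LOCALNET,
              "AllowedSites": lambda: dstdomain_match(host, ALLOWED_SITES)}
    return checks[name]() != term.startswith("!")

def http_access(rules, src, host):
    """First rule whose ACLs all match decides; later rules are never consulted."""
    for line in rules:
        _, action, *acls = line.split()
        if all(acl_true(a, src, host) for a in acls):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1].split()[1] == "allow" else "allow"

# (client address, requested host): local/remote x whitelisted/not whitelisted
CASES = [("10.1.2.3", "www.example.org"), ("10.1.2.3", "www.blocked.test"),
         ("192.0.2.7", "www.example.org"), ("192.0.2.7", "www.blocked.test")]

def decisions(rules):
    return [http_access(rules, src, host) for src, host in CASES]

if __name__ == "__main__":
    for label, rules in [("original", ORIGINAL), ("suggested", SUGGESTED), ("working", WORKING)]:
        print(f"{label:10}", decisions(rules))
```

The original ordering lets any 10.x client reach any site, the post #2 ordering contains no allow line and so denies everything, and the post #3 ordering permits only whitelisted sites from localnet.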

  7. #7

    Hightower's Avatar
    Quote Originally Posted by srochford View Post
    Key thing that I picked up in Squid is that it processes the lines in order. As soon as it comes to something which matches "allow" then it stops. In your example "allow localnet" comes first so anyone on "localnet" can do anything and that's why reversing the logic works - you're now saying "allow these sites" and "deny everything if they're not on my network"
    Not having a problem with it now - sorted (as posted above) - Just need to know how to restart the server from a custom webscript?
