[squid-users] Squid config question

Amos Jeffries squid3 at treenet.co.nz
Fri Dec 5 01:06:47 UTC 2014


On 5/12/2014 10:17 a.m., JeffDK wrote:
> Hi,
> 
> I have domain with about 20 servers.  Server A and B need full
> internet access and ssh access to one offsite server and the rest
> of the servers (domainX) have internet access limited to about 10
> sites.  I've added these lines and I believe the rest is default.
> 
> acl ServerA src “Server A IP”
> acl ServerB src “Server B IP”

I assume the above "" details are actual IP addresses rather than
quoted strings. Otherwise that is your problem.

You can also list multiple IP addresses in one ACL. So you don't need
separate serverA and serverB definitions.

I suggest naming the ACL for what meaning your policy assigns to them.
i.e.
 acl unlimitedServers src “Server A IP” “Server B IP”
 http_access allow unlimitedServers

> acl AllowedSites securezone “/usr/local/etc/allowed-sites.squid
> 
> http_access allow ServerA
> http_access allow ServerB
> http_access allow “domainX” AllowedSites
> http_access deny all
> 
> It seems that this config still restricts all servers to the
> allowed sites and does not allow ssh.  I'm a beginner and curious
> if anyone has any ideas?

SSH uses TLS protocol, not HTTP protocol. Squid will only let it
through if the tool used sends HTTP messages. For non-HTTP protocols
use your system firewall to permit/deny.


Without details on how you are identifying the problem "restricts all
servers to the allowed sites" it's hard to suggest any other
possibilities for what might be wrong.
 If the problem persists after you make the above changes then we are
going to need access.log records showing the problem, and exact
details of what those elided IPs are.

Amos

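The policy discussed in this thread, modelled as an added example (not code from the original posts or from the Squid project): a small Python evaluator for a subset of squid.conf, with one `src` ACL holding both unrestricted servers and the `http_access` lines checked top-down. The IP addresses, domain names, the `limitedServers` name and the use of `dstdomain` for the site list are assumptions made for the illustration.

```python
import ipaddress

# Constructed policy: documentation-range addresses (RFC 5737) stand in for the
# elided server IPs, and dstdomain is an assumed ACL type for the site list.
CONF = """
acl unlimitedServers src 192.0.2.10 192.0.2.11
acl limitedServers src 192.0.2.0/24
acl AllowedSites dstdomain .example.org .example.net
http_access allow unlimitedServers
http_access allow limitedServers AllowedSites
http_access deny all
"""

def parse(conf):
    """Return (acls, rules) from the small squid.conf subset used above."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client, host):
    """Values inside one ACL are ORed: any single value matching is enough."""
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        # A leading dot matches the domain itself and its subdomains.
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError(f"unsupported ACL type: {kind}")

def decide(conf, client, host):
    """First http_access line whose ACLs all match (AND) decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls[n], client, host) for n in names):
            return action
    return "deny"  # simplification: this model denies when no line matches
```
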
