[squid-users] ACL and outgoing IP

Antony Stone Antony.Stone at squid.open.source.it
Tue Dec 27 16:30:05 UTC 2016

On Tuesday 27 December 2016 at 17:03:52, qdmetro wrote:

> I have a squid connected behind a firewall. On the firewall, only the Ip of
> the squid ( is allowed to go on Internet.
> Usually, when a user authenticate itself on the proxy, all the requests use
> the outgoing IP of the squid ( so the can access to the
> website. I want to allow some websites to be reachable without
> authentication (especially for the activation of windows licences). I've
> tried this :
> /acl Microsoft dstdomain .microsoft.com
> http_access allow Microsoft/
> With this configuration, the requests don't use the outgoing Ip of the
> proxy anymore, so they come to my firewall with the source IP of the
> client (which is not allowed to go on the Internet).
> I've tried this to force the outgoing IP for this acl :
> /tcp_outgoing_address Microsoft/
> but the request still don't use the IP of the proxy.
> Maybe this kind of configuration isn't possible, or I miss something...

Show us your full squid.conf (just post it here in a reply, omitting comments 
and blank lines).

That should give us more useful information to go on.


I don't know, maybe if we all waited then cosmic rays would write all our 
software for us. Of course it might take a while.

 - Ron Minnich, Los Alamos National Laboratory

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list