[squid-users] limit access with acl only based on source and destination domain

Amos Jeffries squid3 at treenet.co.nz
Fri May 5 10:57:58 UTC 2017


On 05/05/17 16:23, Blaxton wrote:
> > acl From_Source_Domains srcdomain domain1 domain2 domain3
> > acl To_Destination_Domains dstdomain domain4 domain5 domain6
>
> if:
> > http_access allow From_Source_Domains
> or, if:
> > http_access allow To_Destination_Domains
> or, deny all
>
> According to your answer, if these are ORed, first http_access should 
> allow connection to everywhere from domain1,domain2,domain3
> Second http_access allow connections to from everywhere.
>
>
> Is above statement correct ?

What I mean is Squid performs these in this exact order:

The first line is checked.
   If From_Source_Domains matches the traffic is allowed.
Otherwise the second line gets checked.
  If To_Destination_Domains matches, the traffic is allowed.
Otherwise the traffic is denied.

Amos



More information about the squid-users mailing list