[squid-users] acl src question

Amos Jeffries squid3 at treenet.co.nz
Fri Aug 9 06:18:53 UTC 2019

On 9/08/19 1:57 am, Service MV wrote:
> Hello everyone!
> I have a network
> I want to let the IP ranges to through my
> proxy, but not the ranges to
> If I don't misunderstand the documentation
> <http://www.squid-cache.org/Versions/v4/cfgman/acl.html>, the correct
> way to do this would be:
> acl mylocalnet src
> acl mylocalnet src
> [...]
> http_access allow mylocalnet
> Is this right?

Close. But that would include the machines with *.0 and *.255 address
outside the range you mention wanting to match.

If your needed range does not map to nice CIDR range(s) you can set the
start and end address instead:

 acl mylocalnet src

PS. setting the LAN range(s) you want to use the proxy is what the
"localnet" ACL is there for. The values provided are just an example of
standardized ranges that will let the proxy work on most networks by
 There is usually no need for a new custom name, just edit the list as
necessary for your policy. Unless you mean something else for this
custom ACL to be doing - in which case you might want to consider using
a name that makes the access rules read in a more easily interpreted way.


More information about the squid-users mailing list