[squid-users] ACL why does this not work?

Amos Jeffries squid3 at treenet.co.nz
Fri May 1 08:25:08 UTC 2015


On 1/05/2015 11:56 a.m., Yan Seiner wrote:
> I am trying to prevent squid from proxying to an authorized subnet.
> 
> I want to write a set of acl rules that say that if a request does not
> come from the authorized subnet then it should not be allowed to connect
> to the authorized web server.
> 
> acl auth_net src 192.168.4.0/24
> acl auth dst 192.168.4.1
> http_access deny !auth_net auth
> 
> AFAICT something like the above should work but it doesn't.  squid
> proxies requests from anywhere on the network to the authorized
> webserver, getting right around the firewall.
> 
> Any suggestions on how to make this work?

You either got the order wrong
(<http://wiki.squid-cache.org/SquidFaq/OrderIsImportant>) or the DNS
results are not what you think they are.

We can't really say without knowing what your whole config is.

Amos
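
An added illustration, not part of the thread and not Squid's own code: a small Python model of `http_access` first-match evaluation, covering the two causes named in the reply above. The `localnet` and `all` ACLs, the rule lists, the client addresses and the DNS table are constructed assumptions, since the poster's full config is not shown.

```python
import ipaddress

# auth_net and auth are from the question; localnet and all are assumed.
ACLS = {
    "auth_net": ("src", "192.168.4.0/24"),
    "auth":     ("dst", "192.168.4.1/32"),
    "localnet": ("src", "192.168.0.0/16"),
    "all":      ("src", "0.0.0.0/0"),
}
# Constructed stand-in for DNS: the address the proxy resolves each URL host to.
DNS = {
    "192.168.4.1": "192.168.4.1",
    "web.example": "10.0.0.5",  # resolves to an address the dst ACL does not list
}

def acl_matches(term, client_ip, url_host):
    """Evaluate one ACL name, optionally negated with '!', for a request."""
    negate, name = term.startswith("!"), term.lstrip("!")
    kind, net = ACLS[name]
    # src tests the client address; dst tests the resolved destination address.
    addr = client_ip if kind == "src" else DNS[url_host]
    hit = ipaddress.ip_address(addr) in ipaddress.ip_network(net)
    return hit != negate

def http_access(rules, client_ip, url_host):
    """The first line whose ACLs all match decides; later lines are not reached."""
    for action, *terms in (r.split() for r in rules):
        if all(acl_matches(t, client_ip, url_host) for t in terms):
            return action
    # No line matched: the result is the opposite of the last line's action.
    return "deny" if rules[-1].startswith("allow") else "allow"

# Same three lines in two orders (constructed).
DENY_LAST = ["allow localnet", "deny !auth_net auth", "deny all"]
DENY_FIRST = ["deny !auth_net auth", "allow localnet", "deny all"]

if __name__ == "__main__":
    outsider = "192.168.7.20"  # in localnet, not in auth_net (constructed)
    for label, rules in (("deny last", DENY_LAST), ("deny first", DENY_FIRST)):
        for host in DNS:
            print(label, host, http_access(rules, outsider, host))
```

With the deny line below a broader allow it never fires, and even with the deny line first, a request whose host resolves to an address other than 192.168.4.1 does not match the `dst` ACL.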


