[squid-users] "src" access rule not working

From: Ted Ritchie <ted_ritchie@dont-contact.us>
Date: Wed, 11 Jan 2006 14:28:01 -0800

Hello all,

I have what should be a very simple addition that I am trying to make to my
squid.conf file. I must be overlooking something rather obvious and would
appreciate it if someone would point me in the right direction. I am trying
to grant a specific IP address access through the squid server (see the
comment with all the ****s in my config file). So I added the necessary acl
and http_access commands and reloaded the system, but no luck. In fact I have
been hacking away at this for several hours now and I am not making any
progress. Any pointers would be greatly appreciated.

Thanks,
Ted

I am running SQUID-2.5.STABLE6 and have been for a few years.
Here is my squid.conf (or very close to the live one anyway):

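# Requests whose URL contains one of these strings are fetched directly from
# the origin server instead of being sent through cache peers.
hierarchy_stoplist cgi-bin ?

# QUERY matches URL paths containing "cgi-bin" or "?"; the no_cache rule
# further down refers to it.
acl QUERY urlpath_regex cgi-bin \?

# Log locations. access.log has one line per client request; its result code
# (for example TCP_DENIED) and user-name field show how a request was handled.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

pid_filename /var/run/squid.pid

# Proxy authentication through Samba's ntlm_auth helper.
# The helper command belongs on the same line as "auth_param ... program";
# the posted listing had it wrapped onto a line of its own, which does not
# parse as a directive.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 7
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minute
# Basic scheme, offered in addition to NTLM. Basic credentials are only
# base64-encoded, so they can be recovered by anyone who can read the
# client-to-proxy traffic.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 3
auth_param basic realm Squid proxy-caching web server
# A validated user/password pair is reused for 2 hours before the helper is
# asked again, so a changed or disabled password can stay usable that long.
auth_param basic credentialsttl 2 hour

# Freshness rules: regex, minimum age (minutes), percent of object age,
# maximum age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# -1 disables quick abort: a fetch runs to completion even if the client
# disconnects.
quick_abort_min -1 KB
# -1 makes Squid fetch the whole object from the start for Range requests.
range_offset_limit -1 KB

# Group-membership helper. %LOGIN passes the authenticated user name to the
# helper, so every ACL built on this type requires proxy authentication
# before it can be evaluated. ttl=300 caches each answer for 300 seconds, so
# a group change can take that long to show up.
# (Rejoined onto one line; the posted listing had the helper path wrapped.)
external_acl_type wbinfo_group_helper ttl=300 %LOGIN /usr/libexec/wbinfo_group.pl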

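# --- ACL definitions. These only name conditions; nothing is allowed or
# --- denied until an http_access line refers to them.

# Any client address.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object:// scheme).
acl manager proto cache_object
# Requests coming from the proxy host itself.
acl localhost src 127.0.0.1/255.255.255.255
# Requests aimed at loopback addresses. Defined here but not referenced by
# any http_access rule in this listing.
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443 563
# Destination ports the proxy will talk to at all.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# acl Full_Internet_Access proxy_auth REQUIRED
# Matches google.com and every subdomain of it.
acl Allowed-Domains dstdomain .google.com
# Group-based ACLs. Both go through wbinfo_group_helper, which is declared
# with %LOGIN, so testing either one requires an authenticated user.
acl Full_Internet_Access external wbinfo_group_helper Full_Internet_Access
acl Blocked_Ad_Servers dstdomain .advertising.com
acl Blocked_Webmail_Servers dstdomain .hotmail.com
acl Webmail_Block_Bypass external wbinfo_group_helper Webmail_Block_Bypass

# ****************************
# Single host, matched on the source address of the client connection. No
# credentials are involved, so this is only as strong as the network's
# protection against that address being used by another machine.
acl Allowed_Linux_Servers_To_Outside src 192.168.10.48/255.255.255.255
# The srcdomain alternative below would depend on a reverse DNS lookup of the
# client address.
# acl Allowed_Servers srcdomain pcgalore.domain.ca.
# ****************************

# Matches on the destination address the requested host resolves to.
acl Allowed_IPs dst 1.2.3.4
# The ACL type was missing in the posted listing ("acl NAME .ebay.com"),
# which Squid cannot parse. dstdomain is assumed here by analogy with the
# other Blocked_* ACLs.
acl Blocked_Other_Servers dstdomain .ebay.com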

# Responses for URLs matching QUERY are not cached.
no_cache deny QUERY
# http_access rules are checked from top to bottom; the first rule whose ACLs
# all match decides the request, and later rules are not consulted.
# Cache-manager access only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
# Refuse destination ports outside Safe_ports, and CONNECT to anything other
# than SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): these two allows come before any source-address or
# authentication check, so every client that can reach the proxy may use it
# for these destinations - confirm that is intended.
http_access allow Allowed-Domains
http_access allow Allowed_IPs
http_access deny Blocked_Ad_Servers
# NOTE(review): Webmail_Block_Bypass is an external ACL whose helper is
# declared with %LOGIN, so evaluating this line needs an authenticated user.
# A request that carries no proxy credentials is most likely answered with an
# authentication challenge here and never reaches the src rule three lines
# below - this looks like the reason the src allow appears not to work.
# Moving the src allow above this line would let that host through without
# authentication, but it would then also skip the Blocked_Webmail_Servers and
# Blocked_Other_Servers denies; decide which of the two is wanted.
http_access allow Webmail_Block_Bypass
http_access deny Blocked_Webmail_Servers
http_access deny Blocked_Other_Servers
# Address-based allow for the single host defined between the **** markers.
http_access allow Allowed_Linux_Servers_To_Outside
# Group-based allow; requires authentication (external ACL with %LOGIN).
http_access allow Full_Internet_Access
# Default deny for everything not matched above.
http_access deny all

# No filtering of replies.
http_reply_access allow all

# NOTE(review): ICP queries are answered for any source address. If cache
# peers are used, limiting this to their addresses is the tighter setting -
# confirm whether ICP is needed at all.
icp_access allow all

# Host name the proxy presents in error pages and headers.
visible_hostname proxy

# Four on-disk caches using the aufs store: 10000 MB each, with 30
# first-level and 256 second-level subdirectories.
cache_dir aufs /cache1 10000 30 256
cache_dir aufs /cache2 10000 30 256
cache_dir aufs /cache3 10000 30 256
cache_dir aufs /cache4 10000 30 256
# Account Squid switches to when it is started as root (binding port 80
# below needs root at startup).
cache_effective_user squid
cache_effective_group squid
cache_mem 150 MB
# Two listening ports. No address is given, so both are opened on every
# interface; NOTE(review): confirm the proxy is not reachable from untrusted
# networks, because some http_access allows above apply to any client.
http_port 80
http_port 3128
maximum_object_size 75 MB
cache_replacement_policy heap LFUDA
# Requests denied by Blocked_Ad_Servers are redirected to this image instead
# of receiving the standard error page.
deny_info http://intranet/images/placeholder.gif Blocked_Ad_Servers
Received on Wed Jan 11 2006 - 15:28:03 MST
