Allow a certain URL path with Squid
Solution 1
For anyone else like me that stumbles across this post looking for an answer. The reason is that squid can't see the full URL for HTTPS requests, only the domain.
You can do a url_regex only for HTTP connections. You have to do a dstdomain for HTTPS connections.
It's down to the way proxy CONNECT works and not a Squid issue.
Solution 2
It's described here: http://wiki.squid-cache.org/SquidFaq/SquidAcl
My current setup is like this;
acl special_client src 10.1.255.93
acl special_url url_regex ^http://ppa.launchpad.net/adiscon/v8-devel/ubuntu/.*
http_access allow special_client special_url
http_access deny special_url
Solution 3
Order is important. Put the allow line before the deny.
Also url_regex matches on the whole URL including http:// so you need to change your regexes. Remember to restart or reload squid after changes.
Solution 4
I think you're looking for something like this:
http_access allow good
http_access deny bad !good
Because actually the good regexp matches the bad regexp as well so you need to use the AND connector in the second line.
Note that you can debug ACLs with this line:
debug_options ALL,1 28,3 33,2
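An added example, not part of any answer above: a simplified Python model of how Squid walks http_access lines (first matching line wins, ACLs on one line are ANDed), run over the two configurations from the question. It assumes HTTPS arrives as a CONNECT tunnel whose URL is just host:port, treats localnet and all as always matching, and uses a hypothetical reddit_host regex as a stand-in for a dstdomain ACL.

```python
import re

ANY = r""  # assumption: src-based ACLs (localnet, all) always match in this model

def evaluate(rules, acls, url):
    """Return the action of the first http_access line whose ACLs all match."""
    for action, names in rules:
        # "!name" negates an ACL; every ACL on the line must hold (AND).
        if all((re.search(acls[n.lstrip("!")], url) is not None) != n.startswith("!")
               for n in names):
            return action
    return "deny"

# Question's first attempt: the broad deny is listed before the allow.
ACLS_1 = {"bad": r"reddit\.com.*", "good": r"reddit\.com.*foo*",
          "localnet": ANY, "all": ANY}
RULES_1 = [("deny", ["bad"]), ("allow", ["good"]),
           ("allow", ["localnet"]), ("deny", ["all"])]

# Question's second attempt: allow first, regexes start at the scheme.
ACLS_2 = {"good": r"http(s)?://(www\.)?reddit\.com/r/foo.*",
          "bad": r"http(s)?://(www\.)?reddit\.com.*",
          "localnet": ANY, "all": ANY}
RULES_2 = [("allow", ["good"]), ("deny", ["bad"]),
           ("allow", ["localnet"]), ("deny", ["all"])]

# Second attempt plus a host-level deny for tunnels (hypothetical ACL name;
# the regex only imitates what a dstdomain ACL would match on CONNECT).
ACLS_3 = dict(ACLS_2, reddit_host=r"^([^/]*\.)?reddit\.com:443$")
RULES_3 = [("deny", ["reddit_host"])] + RULES_2

# Constructed sample requests as the proxy would see them.
HTTP_FOO = "http://www.reddit.com/r/foo/"
HTTP_BAR = "http://www.reddit.com/r/bar/"
CONNECT = "www.reddit.com:443"   # HTTPS tunnel: no scheme, no path

def report():
    """Decision for each sample request under each rule set."""
    sets = {"first": (RULES_1, ACLS_1), "second": (RULES_2, ACLS_2),
            "host_deny": (RULES_3, ACLS_3)}
    return {name: {u: evaluate(r, a, u) for u in (HTTP_FOO, HTTP_BAR, CONNECT)}
            for name, (r, a) in sets.items()}

if __name__ == "__main__":
    for name, decisions in report().items():
        print(name, decisions)
```

In this model the second attempt behaves as intended for plain HTTP, but the CONNECT request matches neither regex and falls through to the localnet allow; a host-level deny closes that gap at the cost of blocking the whole domain over HTTPS.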
unsi
Updated on September 18, 2022
Comments
-
unsi over 1 year
I'm using Squid 3.4 on Debian, and I want to know how to allow certain sub-URLs while banning the rest of them.
Particularly, I want to ban access to reddit.com/* but allow access to reddit.com/r/foo/* and reddit.com/r/foo/
acl bad url_regex reddit\.com.*
acl good url_regex reddit\.com.*foo*
http_access deny bad
http_access allow good
...
http_access allow localnet
http_access allow localhost
http_access deny all
This code doesn't seem to work, and everything at reddit.com ends up getting blocked. How can I get the configuration I want?
Edit: Updated configuration that still doesn't work:
acl good url_regex http(s)?://(www\.)?reddit\.com/r/foo.*
acl bad url_regex http(s)?://(www\.)?reddit\.com.*
http_access allow good
http_access deny bad
...
http_access allow localnet
http_access allow localhost
http_access deny all
This has the opposite effect of the previous code; it allows access to all of reddit.com (which I don't want).
-
unsi about 9 years
I swapped the "deny bad" and "allow good" lines but I can't see any change.
-
dakira about 9 years
Can you post your config file now you have updated it? Also be aware that if people use https, these regexes won't apply to url portions.
-
unsi about 9 years
@TomNewton Done, check my edited post; this time I tried to start from the http; I have ssl-bump configured, so it should work as expected. I tried from both http and https but it doesn't work on either protocol. I shut down the Squid server and restart it whenever I make changes.
-
Laurie over 3 years
This fixed the problem for me - this thread is related squid-web-proxy-cache.1019090.n4.nabble.com/…