Squid3 blocking all sites except restricted sites
Like lots of allow/deny rule-based systems, once a rule matches it is applied and there is no further processing of that rule chain. So once you allow * it never even gets to any subsequent deny rules for that chain. Or, as the documentation says:
    Access list rules are checked in the order they are written. List searching terminates as soon as one of the rules is a match.
Once you replace the * with the actual list it will work. You also don't need a deny sites list if you're following it with a deny all.
Comments
John K over 1 year
I have a configuration file, and in the lines where I have my allowed and restricted sites, I have the following:
    acl AllowedSites dstdomain "/home/john/squid3_sites/allowed-sites.squid"
    acl RestrictedSites dstdomain "/home/john/squid3_sites/restricted-sites.squid"
And then on my http_access list, I have:
    http_access allow AllowedSites
    http_access deny RestrictedSites
The contents of my allowed-sites.squid is only a * to represent that all sites are allowed. And in my restricted-sites.squid there is only "www.facebook.com". The proxy restricts all sites except facebook.com. When I go to any site I can think of, I get an error page saying Access Denied. If it helps, here is my full http_access list:
    http_access allow AllowedSites
    http_access deny RestrictedSites
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny all
And all my ACLs:
    acl SSL_ports port 443 563
    acl AllowedSites dstdomain "/usr/local/etc/allowed-sites.squid"
    acl RestrictedSites dstdomain "/usr/local/etc/restricted-sites.squid"
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443 563     # https, snews
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    acl all src all
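To make the first-match behaviour from the answer concrete against the http_access list John K posted, here is a small Python model of how Squid walks an http_access chain. It is an added example, not code from the thread or from the Squid project. It models only what the thread uses: dstdomain ACLs, the built-in `all` ACL, `!` negation, and first-match termination; the port and method ACLs are left out. Two assumptions are marked in the code: a `*` entry is treated as match-all to mirror the answer's reasoning (Squid's dstdomain syntax is exact-host or `.domain` suffix matching, not glob), and when no rule matches, the result is the opposite of the last rule's action, which is Squid's documented default.

```python
"""Simplified model of Squid http_access first-match evaluation.

Added example for the thread above; not Squid's own matcher.
Models dstdomain ACLs, `acl all src all`, `!` negation and first-match
termination. Port and method ACLs from the posted config are omitted.
"""
from dataclasses import dataclass, field


@dataclass
class Acl:
    name: str
    domains: list = field(default_factory=list)  # dstdomain entries
    match_all: bool = False                      # "acl all src all"

    def matches(self, host: str) -> bool:
        if self.match_all:
            return True
        host = host.lower().rstrip(".")
        for entry in self.domains:
            entry = entry.lower()
            if entry == "*":
                # ASSUMPTION: treat "*" as match-all, as the answer reads it.
                # Real Squid dstdomain does not use glob wildcards.
                return True
            if entry.startswith("."):
                # Squid: ".example.org" matches the domain and all subdomains.
                if host == entry[1:] or host.endswith(entry):
                    return True
            elif host == entry:
                return True
        return False


def _ref_matches(ref: str, acls: dict, host: str) -> bool:
    negate = ref.startswith("!")
    hit = acls[ref.lstrip("!")].matches(host)
    return (not hit) if negate else hit


def check_access(rules, acls, host):
    """Walk the http_access chain in order; return (action, rule_index)
    for the first rule whose ACLs all match. If nothing matches, Squid's
    default is the opposite of the last rule's action (index None)."""
    for idx, (action, refs) in enumerate(rules):
        if all(_ref_matches(r, acls, host) for r in refs):
            return action, idx
    last_action = rules[-1][0]
    return ("deny" if last_action == "allow" else "allow"), None


# Constructed inputs mirroring the thread: one restricted host, one other host.
RESTRICTED = ["www.facebook.com"]
HOSTS = ["www.facebook.com", "www.example.org"]


def evaluate(rules, allowed_entries, hosts=HOSTS):
    """Build the ACL table and return {host: action} for each host."""
    acls = {
        "AllowedSites": Acl("AllowedSites", allowed_entries),
        "RestrictedSites": Acl("RestrictedSites", RESTRICTED),
        "all": Acl("all", match_all=True),
    }
    return {h: check_access(rules, acls, h)[0] for h in hosts}


# Scenario 1: the posted order with "*" in allowed-sites.squid.
# The allow matches every host, so "deny RestrictedSites" is never reached.
ORIGINAL = [("allow", ["AllowedSites"]),
            ("deny", ["RestrictedSites"]),
            ("deny", ["all"])]


def original_order():
    return evaluate(ORIGINAL, ["*"])


# Scenario 2: same ACLs, deny placed ahead of the catch-all allow.
REORDERED = [("deny", ["RestrictedSites"]),
             ("allow", ["AllowedSites"]),
             ("deny", ["all"])]


def deny_first():
    return evaluate(REORDERED, ["*"])


# Scenario 3: what the answer recommends: a real allow list followed by
# "deny all". The separate deny list adds nothing here.
ALLOWLIST = [("allow", ["AllowedSites"]), ("deny", ["all"])]


def explicit_allowlist():
    return evaluate(ALLOWLIST, [".example.org"])


if __name__ == "__main__":
    print("original order :", original_order())
    print("deny first     :", deny_first())
    print("allow list     :", explicit_allowlist())
```

Scenario 1 shows the answer's point: with `*` allowed first, the facebook deny is dead code. Scenario 2 shows that moving the deny above the catch-all allow is one way to get the intended result, and scenario 3 shows the allow-list form the answer recommends, where `deny all` already covers everything not explicitly allowed.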