squid proxy

**abdullah1** · 12-14-2011

hi
i have squid proxy configured on my network.
but when i try to make access lists to deny specific IP addresses from using this proxy it did not work.
those IP addresses still able to use this proxy.

any idea about the reason of that ??!!!

thanks

**scathefire** · 12-14-2011

Please post your ACLs

**abdullah1** · 12-15-2011

acl our_networks src 192.168.6.212
acl our_networks src 192.168.6.213
acl our_networks src 192.168.6.214
acl our_networks src 192.168.6.215
acl our_networks src 192.168.6.216
acl our_networks src 192.168.6.217
acl our_networks src 192.168.6.218
acl our_networks src 192.168.6.219

http_access allow our_networks

acl blocked src 192.168.6.220
acl blocked src 192.168.6.221
acl blocked src 192.168.6.222
acl blocked src 192.168.6.223
acl blocked src 192.168.6.224
acl blocked src 192.168.6.225
acl blocked src 192.168.6.226
acl blocked src 192.168.6.227
acl blocked src 192.168.6.228
http_access deny blocked

**Mudgen** · 12-15-2011

Originally Posted by abdullah1

hi
i have squid proxy configured on my network.
but when i try to make access lists to deny specific IP addresses from using this proxy it did not work.
those IP addresses still able to use this proxy.

any idea about the reason of that ??!!!

thanks

The reason is probably either that you didn't understand how to set the access lists up, or made an inadvertent error in doing so.

**scathefire** · 12-15-2011

Originally Posted by abdullah1

acl our_networks src 192.168.6.212
acl our_networks src 192.168.6.213
acl our_networks src 192.168.6.214
acl our_networks src 192.168.6.215
acl our_networks src 192.168.6.216
acl our_networks src 192.168.6.217
acl our_networks src 192.168.6.218
acl our_networks src 192.168.6.219

http_access allow our_networks

acl blocked src 192.168.6.220
acl blocked src 192.168.6.221
acl blocked src 192.168.6.222
acl blocked src 192.168.6.223
acl blocked src 192.168.6.224
acl blocked src 192.168.6.225
acl blocked src 192.168.6.226
acl blocked src 192.168.6.227
acl blocked src 192.168.6.228
http_access deny blocked

ACLs do not work that way. Every time you state 'acl our_network' for example, you are trampling over the previous statement.

Instead, your acl should look like this:

Code:

acl our_network src 192.168.6.213-192.168.6.219/32
acl blocked src 192.168.6.220-192.168.6.228/32
http_access allow our_networks
http_access deny blocked

you may need to adjust the mask in the range to fit your needs, version of squid, etc., etc., etc.

**abdullah1** · 12-18-2011

thanks scathefire
i will try this,,,

Thread Tools

Display

squid proxy

Posting Permissions