I have squid loaded on my CentOS 4.0 server and it is running great, but I ran into a problem when I started to process the configuration file. The goal was to eliminate any traffic OUTSIDE of what I tried to permit. Below is my configuration where I changed the squid.conf file. Once I did, everything is allowed. I hope this is something stupid that I overlooked, but I was wondering if anyone else had similar problems.
Code that I changed:
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
acl our_networks src XX.XX.XX.XX/XX
http_access allow our_networks
acl yahoo dstdomain .yahoo.com
acl msn dstdomain .msn.com
acl mydomain dstdomain .mydomain.com
acl google dstdomain .google.com
# And finally deny all other access to this proxy
http_access allow localhost
http_access allow yahoo
http_access allow msn
http_access allow anovoamericas
http_access allow google
http_access allow anovous
http_access deny all
I had a similar problem and I still haven't figured out the solution.
I am easily able to get squid to work if I "allow all", but if I try to restrict traffic using the ACL in any fashion, the server fails. I even try to make the simplest rules that I can think of and it doesn't work.
I am lost as to why this happens.
I would suggest using the SquidGuard add-in to configure your blocks, time blocks, group blocks, and blacklists and whitelists,
and then use Webmin to manage both.
Or use DansGuardian, which I have never used but should work just as well.
What I did:
1) Create a file with a bunch of blocked URLs inside.
2) Make an entry as below in squid.conf:
acl bad url_regex "/etc/squid/bad_url.acl"
http_access deny bad
http_access allow all
Note: make sure to deny first, then follow with allow.