Old 05-26-2008, 01:33 PM   #1
LQ Newbie
Registered: May 2008
Posts: 3

Rep: Reputation: 0
Squid acl block internet by ip address

I am running Squid 2.5 caching proxy on Red Hat with 3 subnets, and I have set aside 10 IP addresses in each subnet (.100 to .109) and statically assigned these IPs to computers that I do not want to allow internet access. How do I configure appropriate ACLs in squid.conf to achieve this? Thanks.
Old 05-27-2008, 08:59 AM   #2
Registered: Nov 2006
Posts: 97

Rep: Reputation: 16
Check this. This article will help you to understand squid acls so that you'll be able to do more stuff with squid.
Old 05-27-2008, 09:54 AM   #3
LQ Newbie
Registered: May 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for the help

That's a good straightforward article on the use of Squid. The example shows how to allow a subnet, which I am already doing. Any thoughts on how I can allow the subnet except for 10 addresses? Do I add an access deny acl and specifically (and individually) identify the IPs I wish to block internet access to? Still learning.
Old 05-28-2008, 12:14 AM   #4
Registered: Aug 2004
Location: INDIA
Distribution: Various Distros
Posts: 203

Rep: Reputation: 31
Thanks for sharing this article.
Old 05-28-2008, 01:15 AM   #5
Registered: Nov 2006
Location: Melbourne Australia
Distribution: Centos, RHEL, Debian, Ubuntu, Mint
Posts: 128

Rep: Reputation: 16
acl network1 src
acl network2 src
acl network3 src
acl banned src
acl banned src
acl banned src

http_access deny banned
http_reply_access deny banned
http_access allow network1
http_access allow network2
http_access allow network3
http_reply_access allow all
As an example. I'm not sure if the ranges work in IPs, but you can just add them to a file or individually.

acl banned_machines src '/etc/squid/denied_machines.acl'
http_access deny banned_machines
http_reply_access deny banned_machines
The important part is that you allow the subnet, then block the individual IPs.
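
Added example (not part of the original posts): a small Python check that evaluates `http_access` rules the way Squid does, top down with the first matching rule winning, so the deny for the banned hosts has to sit above the subnet allows. The subnets, addresses and the helper names `parse_src`, `load` and `decide` are constructed for illustration; Squid's `src` ACL type does accept `addr1-addr2` ranges.

```python
import ipaddress

# Constructed sample: subnets and addresses are placeholders, not values from the thread.
SAMPLE_CONF = """
acl all src 0.0.0.0/0
acl network1 src 192.168.1.0/24
acl network2 src 192.168.2.0/24
acl network3 src 192.168.3.0/24
acl banned src 192.168.1.100-192.168.1.109 192.168.2.100-192.168.2.109
acl banned src 192.168.3.100-192.168.3.109
http_access deny banned
http_access allow network1
http_access allow network2
http_access allow network3
http_access deny all
"""
# Same ACLs with the deny moved below the allows, to show why order matters.
MISORDERED = SAMPLE_CONF.replace("http_access deny banned\n", "").replace(
    "deny all", "deny banned\nhttp_access deny all")

def parse_src(value):
    # Accepts CIDR, a single address, or addr1-addr2 (a trailing /mask on a range is ignored here).
    if "-" in value:
        lo, hi = value.split("/")[0].split("-", 1)
        return int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi))
    net = ipaddress.ip_network(value, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def load(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[:1] == ["acl"] and tok[2] == "src":
            acls.setdefault(tok[1], []).extend(parse_src(v) for v in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    # Returns (action, matching rule) the way http_access is evaluated: top down, first match wins.
    acls, rules = load(conf)
    ip = int(ipaddress.ip_address(client_ip))
    for action, names in rules:
        # All ACLs on one line must match (AND); a leading "!" negates an ACL.
        if all(any(lo <= ip <= hi for lo, hi in acls[n.lstrip("!")]) != n.startswith("!")
               for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    # No rule matched: the default is the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), "(default)"
```

With the constructed config, `decide(SAMPLE_CONF, "192.168.2.105")` hits the deny first, while the same address against `MISORDERED` is allowed by the `network2` rule before the deny is ever reached.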
Old 05-28-2008, 04:06 PM   #6
LQ Newbie
Registered: May 2008
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks Grizly

Concise and to the point. I appreciate your help. I will try this tonight.



All times are GMT -5.