Hi

Please someone help me with this squid conf file.
I'am trying to block websites and specific extensions for all user except for one ip.This is my confuiguration.
everything works fine but vip client with allowed ip is also blocked.


http_port 80
cache_mgr Administrator@proxy
visible_hostname proxy
cache_dir ufs c:/squid/var/cache 512 16 256
acl Query urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl PURGE method PURGE
acl to_localhost dst 127.0.0.1/8
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443
acl CONNECT method CONNECT
acl localnetwork0 src 127.0.0.0/8
acl localnetwork1 src 192.168.5.0/24



acl VIP src 192.168.121.80

acl forbiden_pages dstdomain "C:/squid/etc/blocked-sites.txt"

acl forbiden_extensions url_regex -i "C:/squid/etc/blocked-files.txt"


hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
coredump_dir c:/squid/var/cache

cache_mem 64 MB
dns_testnames localhost

http_access allow VIP forbiden_pages
http_access allow VIP forbiden_extensions
http_access deny forbiden_pages all
http_access deny forbiden_extensions all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow PURGE localhost
http_access deny PURGE
http_access allow localnetwork0
http_access allow localnetwork1
no_cache deny QUERY
http_access deny all
http_reply_access allow all
icp_access deny all

Thanks

I cant test this now but try
instead
or just

Thanks for fast reply but I try your new conf but it doesn't work.I really don't know what is the problem!

Please help me with this configuaration!
Thanks

maybe it's a silly question, but have you restarted squid before using a new config file ?

You may also use
instead of killing the process.

Yes I always restart squiid after every change is made.
With this configuration every computer doesn't have access to forbiden pages and forbiden extensions.

can you post your forbidden pages acls

I usually put allow lists at the top for complete access.

http_access allow VIP

at the top of the area.

Forbiden-pages txt file:
But it works for all other user exept for my pc.I still have no access to forbidden pages!!

I try that with no success



http_port 80
cache_mgr Administrator@proxy
visible_hostname proxy
cache_dir ufs c:/squid/var/cache 512 16 256
acl Query urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl PURGE method PURGE
acl to_localhost dst 127.0.0.1/8
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443
acl CONNECT method CONNECT
acl localnetwork0 src 127.0.0.0/8
acl localnetwork1 src 192.168.5.0/24



acl VIP src 192.168.121.80

acl forbiden_pages dstdomain "C:/squid/etc/blocked-sites.txt"

acl forbiden_extensions url_regex -i "C:/squid/etc/blocked-files.txt"


hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
coredump_dir c:/squid/var/cache

cache_mem 64 MB
dns_testnames localhost

http_access deny forbiden_pages all
http_access deny forbiden_extensions all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow PURGE localhost
http_access deny PURGE
http_access allow localnetwork0
http_access allow localnetwork1
no_cache deny QUERY
http_access deny all
http_reply_access allow all
icp_access deny all

Thanks

Maybe it is because ACL ALL src 0.0.0.0.0/0.0.0.0. I cant figure out neither what can be the problem. Maybe ICP ACCESS try to remove it. i dont know.

Hm, Is your comp behind NAT? I see you have IP from different range. post your IP configuration.

Try this.

Oh /24 i think this is it, but interesting thing, makadam sad eveything worked. HM deny all and his IP could browe everything but forbidden acl. Maybe it is NAT after all. So his ip is form 192.168.5.0/24 range.