[solved] Block access to all sites except one using Squid

I need a Squid config that allows access to only one domain: .example.com

Traffic should only be allowed through if coming from 10.100.0.0/24

and only port 80 (http) and port 443 (https) traffic should be allowed through, but again, only to this ONE domain.

It must be Squid (no iptables or other).

Using Squid 3.1 on CentOS 6

Thanks!

I am not sure about ports, but this will block everything except <blah>.
I put # for comments. You also need to add localhost so some things don't break.

acl deny_net src xxx.xxx.0.1-xxx.xxx.0.254    # you get to fiddle with these two lines; add more lines as needed (no space inside the range)
acl deny_net src 10.10.0.1-10.10.0.24         # this is ipv4
acl allow_net src 10.100.0.0/24               # the subnet that may reach the whitelisted domain (10.100.0.0/24 from the question); it is used below, so it must be defined
acl all src 0.0.0.0/0.0.0.0                   # leave this one alone

acl whitelist dstdomain .example.com
http_access deny deny_net
http_access allow whitelist allow_net         # both ACLs on one line must match (AND)
http_access deny all

If you use "acl deny all" it undoes everything above it. The chances of your breaking something are good doing something like the above.

We usually just use a router for this, and allow one subnet through.

On your version of squid you block ports this way:

acl Bad_ports port 1-79
acl Bad_ports port 81-442
acl Bad_ports port 444-45000
http_access deny Bad_ports   # the directive is "http_access deny"; only 80 & 443 pass, all else from 1-45000 blocked
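As an added example that is not part of the thread, here is the complete policy from the question (one domain, one source subnet, ports 80 and 443 only) written as a self-contained squid.conf fragment in the style Squid 3.1 expects. The ACL names allowed_net, whitelist, Safe_ports, SSL_ports and CONNECT are this example's own choices; the subnet and domain are the ones the question gives.

```conf
# Added example squid.conf fragment (not posted in the thread).
# Assumes Squid 3.1, where the ACL "all" is built in and must not be redeclared.

# Who may use the proxy at all: the subnet from the question, plus localhost
acl allowed_net src 10.100.0.0/24
acl localhost   src 127.0.0.1/32

# The single destination that is permitted (leading dot = domain and all subdomains)
acl whitelist dstdomain .example.com

# Ports: plain HTTP on 80, HTTPS (a CONNECT tunnel) on 443
acl Safe_ports port 80 443
acl SSL_ports  port 443
acl CONNECT    method CONNECT

# Order matters: Squid stops at the first http_access line that matches.
http_access deny !Safe_ports              # any destination port other than 80/443
http_access deny CONNECT !SSL_ports       # CONNECT tunnels only to 443
http_access allow localhost
http_access allow allowed_net whitelist   # two ACLs on one line = AND: right subnet AND the one domain
http_access deny all                      # everything else: other subnets, other domains
```

Before reloading, validate the file with `squid -k parse` and then apply it with `squid -k reconfigure`. To check the rules, point a client at the proxy (assuming Squid listens on its default port 3128): `curl -x http://PROXY:3128 http://www.example.com/` should succeed, `curl -x http://PROXY:3128 https://www.example.com/` exercises the CONNECT path (the case the original poster had not routed through the proxy), and `curl -x http://PROXY:3128 http://www.example.org/` should return a 403. Each denied request appears in access.log as a TCP_DENIED/403 line, which is the fastest way to see which rule a request stopped at.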

Thanks Jim, I am ashamed to admit that the ssl issue I was having was due to not using https proxy on the client side (not a transparent proxy), so it was not even going through my Squid Server. Resolved.


Should have checked my access logs more.