Squid ACL notes

From Notes_Wiki
Revision as of 06:13, 18 September 2014 by Saurabh (talk | contribs)

<yambe:breadcrumb self="ACLs">Squid proxy server configuration|Squid</yambe:breadcrumb>

Squid ACL notes

Blocking domains

We can use following lines to block domains youtube.com, youtube.co.uk, etc. from 10.2.48.0/24 IP range:

acl youtube_facebook_source src 10.2.48.0/24
acl youtube_facebook_destination dstdomain .youtube.com .facebook.com .youtube.co.uk .youtube.co.in .googlevideo.com .metacafe.com
http_access deny youtube_facebook_source youtube_facebook_destination

Note:

  • Dot (.) before .youtube.com in dstdomain ACLs is very important if we want to block www.youtube.com, etc. subdomains. If we just use youtube.com without dot(.) then ACL do not work as intended.


You can also read Configuring proxy authentication for squid to read information on proxy authentication related ACLs.


Access log related ACLS

Preventing logging of all requests that match an ACL

To prevent logging of all requests that match an ACL use:

access_log none acl [acl acl ...]

Example

acl log-test src 10.3.1.2
access_log none log-test


Log requests that match an ACL in separate file

To log requests that match a given ACL in separate file use:

access_log <filepath> [<logformat name> [acl acl ...]]

Example

acl log-test src 10.3.1.2
access_log /var/log/squid/log_test squid log-test