There's no acl to deny in
http_access deny myLan
Try something like
http_access deny myLan all
Or you could try:
acl fb dstdomain .facebook.com
http_access deny myLan fb
In your squid logs are you seeing the LAN IP address or 127.0.0.1 for
every request? If the latter then you need the follow_x_forwarded_for
that Amos mentioned.
-Dave
On 10/8/2013 2:13 AM, Stefano Malini wrote:
> Yes Dave,
> in squid.conf I set
> acl myLan src 192.168.1.0/24
> and
> http_access deny myLan
>
> to try if squid stops me but I can browse. I don't understand why.
>
> My iptables rule:
>
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8080
>
> Dansguardian network config.
>
> # the port that DansGuardian listens to.
> filterport = 8080
>
> # the ip of the proxy (default is the loopback - i.e. this server)
> proxyip = 127.0.0.1
>
> # the port DansGuardian connects to proxy on
> proxyport = 3128
>
> Squid
>
> acl myLan src 192.168.1.0/24
> and
> http_access deny myLan
>
> http_port 3128
>
> Dansguardian runs because it stops me browsing some blocked site! I
> have to retry other times this evening.
>
>
>
> Amos, thanks, I'll try this evening, I don't know that directive.
>
> 2013/10/8 Amos Jeffries <squid3_at_treenet.co.nz>:
>> On 8/10/2013 12:58 p.m., Dave Burkholder wrote:
>>> No squid is not bypassed. The order flow is:
>>>
>>> Browser -> Dansguardian -> Squid -> Internet
>>>
>>> If you're wanting to limit access via squid ACLs, that's another aspect
>>> altogether.
>>>
>>> acl myLan src 10.0.4.0/24
>>>
>>> http_access deny myLan all
>>>
>>>
>>> Do you have something like that in squid.conf?
>>
>> Don't forget the follow_x_forwarded_for to determine what the client on the
>> other side of DG is.
>>
>> follow_x_forwarded_for allow localhost
>> follow_x_forwarded_for deny all
>>
>>
>> Amos
Received on Tue Oct 08 2013 - 12:17:34 MDT
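
Added example (not part of the original thread, and not Squid's own code): a simplified Python model of why "acl myLan src 192.168.1.0/24" never matches when every request reaches Squid from DansGuardian on 127.0.0.1, and how the follow_x_forwarded_for lines Amos quotes change the address the ACL is tested against. The function names, the sample requests and the assumption that a later rule allows unmatched traffic are constructed for illustration.

```python
import ipaddress

def in_nets(addr, nets):
    """True if addr falls inside any CIDR in nets (a stand-in for a 'src' ACL)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def indirect_client(peer, xff, trusted):
    """Address a src ACL is tested against.

    peer    -- TCP peer address Squid sees (127.0.0.1 when DansGuardian connects)
    xff     -- X-Forwarded-For header value, or None
    trusted -- CIDRs allowed by follow_x_forwarded_for; empty means not configured
    """
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    addr = peer
    # Backtrack only while the hop that handed us the header is trusted.
    while hops and in_nets(addr, trusted):
        addr = hops.pop()  # rightmost entry was appended by the nearest proxy
    return addr

def http_access(peer, xff, trusted, my_lan=("192.168.1.0/24",)):
    """'http_access deny myLan'; assumes some later rule allows everything else."""
    client = indirect_client(peer, xff, trusted)
    return "DENY" if in_nets(client, my_lan) else "ALLOW"

if __name__ == "__main__":
    LOCALHOST = ("127.0.0.1/32",)
    # Constructed requests: (description, peer, X-Forwarded-For, trusted sources)
    cases = [
        ("via DG, no follow_x_forwarded_for", "127.0.0.1", "192.168.1.23", ()),
        ("via DG, follow allow localhost", "127.0.0.1", "192.168.1.23", LOCALHOST),
        ("direct peer, header ignored", "192.168.1.23", "203.0.113.9", LOCALHOST),
    ]
    for desc, peer, xff, trusted in cases:
        print(f"{desc:36} src={indirect_client(peer, xff, trusted):14} "
              f"{http_access(peer, xff, trusted)}")
```

The model assumes DansGuardian adds an X-Forwarded-For header (its forwardedfor setting); without that header Squid still sees only 127.0.0.1.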