> -----Original Message----- > From: Joost de Heer [mailto:sanguis@xxxxxxxxx] > Sent: Thursday, February 03, 2005 11:38 PM > To: Hunter, Jess > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: [squid-users] Re: ACL allowing a specific IP range > > > Hunter, Jess said: >> I am running Squid with a banned.txt file. However there are a few >> WebPages >> on the banned list that I want to be able to open up to a certain IP range >> (i.e.. 192.168.1.201, 192.168.1.210, 192.168.1.250). I am wanting to >> allow these select few the ability to access pages such as mail.yahoo.com >> while the rest of the network would still be denied. > > You can either open up the whole list or nothing on the list, not 'a few > pages in the list'. > >> Here is how I have my ACL's set up: >> >> acl MYLAN src 192.168.0.1-192.168.10.253/255.255.255.0 >> acl banned dstdomain "path/to/banned/file/banned.txt" > >> http_access deny banned >> http_access allow MYLAN >> http_access deny all > > http_access allow banned MYLAN > http_access deny banned > http_access deny all > > Joost Well you can always do something like the following: acl special_sites dstdomain "/path/to/exception_sites" acl special_clients src 192.168.0.10 192.168.2.15 192.168.2.17 acl MYLAN src 192.168.0.1-192.168.10.253/255.255.255.0 acl banned dstdomain "path/to/banned/file/banned.txt" http_access allow special_sites special_clients http_access deny banned http_access allow MYLAN http_access deny all That should (if I'm not totally off base) allow 192.168.0.10,15 and 17 access the sites listed in the file special_sites regardless of their presence in banned, while preventing the rest of the LAN from accessing them. Chris
