In Squid 2.5.s8_OS2_VAC my squid.conf included this example from FAQ 10.11 acl xxx dst 0.0.0.0/0.0.0.0 http_access deny xxx However, web pages not previously allowed in the sequence of rules, were nevertheless allowed to be served from cache, contrary to my wishes. I understand that if I accept free software, then I am a beta tester. I suppose the Squid community takes no responsibility for the integrity of any specific build of Squid. # TAG: acl #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT acl government urlpath_regex -i .gov acl education urlpath_regex -i .edu acl google dstdomain .google.com.au acl acenet dstdomain .acenet.com.au acl localnet src 192.168.100.0/24 acl ip dst 0.0.0.0/0.0.0.0 acl www urlpath_regex -i www. acl http proto HTTP # TAG: http_access #Recommended minimum configuration: http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny to_localhost http_access allow government http_access allow education http_access allow google http_access allow acenet http_access allow localnet http_access deny ip http_access deny http http_access allow www # TAG: http_reply_access
