James Moe said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
> ~ Disclaimer: Yes, I RTFM. Yes, I scanned the archives; because there is
> no search, I probably missed a similar question. Yes, I have lurked here
> for a couple of weeks.
>
> ~ v2.5.stable5
> ~ Can squid be configured to deny access to certain domains? Like
> *.doubleclick.net or *.falkag.net? The "acl <waste-of-time> dstdomain
> <unwanted>" + "http_access deny <waste-of-time>" looked promising but had
> no effect; the hosts were accessed anyway.
> ~ Here is what I tried:
> acl adclick1 dstdomain .doubleclick.net
> acl adclick2 dstdomain .valueclick.net
> acl adclick3 dstdomain .falkag.net
> http_access deny adclick1 adclick2 adclick3

acl's are 'OR' lists, http_access rules are 'AND' lists. Your http_access
rule will never be true, because the destination domain is never
.doubleclick.net AND .valueclick.net AND .falkag.net.

So what you want is

acl adclick dstdomain .doubleclick.net .valueclick.net .falkag.net
http_access deny adclick

This will deny access if dstdomain is .doubleclick.net OR .valueclick.net
OR .falkag.net.

If your list of ads-to-block is very long, you can also use

acl adclick dstdomain "/path/to/textfile"

where /path/to/textfile is a list of domains (one per line). You can add
comments in this file by starting the line with #.

> ~ How does squid block/deny/etc specified domains?

With a dstdomain acl

> ~ Is a reload all that is necessary after changing squid.conf? Or is a
> full restart required?

Reload is enough

Joost
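
The AND/OR behaviour described in the reply above, modelled in Python as an added example (not part of the original post and not Squid's own code). The parser, the function names and the simplified first-match evaluation are assumptions made for illustration; the two configurations are the ones quoted in the thread.

```python
# Simplified model of dstdomain ACLs and http_access evaluation (illustrative only).

def parse(conf):
    """Collect dstdomain ACLs and http_access rules from squid.conf-style text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()      # drop comments, tokenise
        if len(words) >= 4 and words[0] == "acl" and words[2] == "dstdomain":
            # Repeated 'acl NAME' lines add more values to the same ACL.
            acls.setdefault(words[1], []).extend(w.lower() for w in words[3:])
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def domain_matches(host, pattern):
    """'.example.net' covers example.net and its subdomains; 'example.net' only itself."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def decide(conf, host):
    """Action of the first http_access rule whose ACLs all match, else None."""
    acls, rules = parse(conf)
    for action, names in rules:
        # Values inside one ACL are ORed (any); ACL names on one rule are ANDed (all).
        if all(any(domain_matches(host, p) for p in acls[n]) for n in names):
            return action
    return None  # simplification: Squid's default when nothing matches is not modelled

BROKEN = """
acl adclick1 dstdomain .doubleclick.net
acl adclick2 dstdomain .valueclick.net
acl adclick3 dstdomain .falkag.net
http_access deny adclick1 adclick2 adclick3
"""

FIXED = """
acl adclick dstdomain .doubleclick.net .valueclick.net .falkag.net
http_access deny adclick
"""

if __name__ == "__main__":
    # Constructed sample hosts.
    for host in ("ad.doubleclick.net", "falkag.net", "www.example.org"):
        print(host, "broken:", decide(BROKEN, host), "fixed:", decide(FIXED, host))
```
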