> Cisco1720 router --> 4 windows based servers 1 centos virtual server 1
> centos squid server.
> Client computers (8)
>
> Would like to have all web traffic blocked except websites defined in a
> allowed_sites.squid config file.
> My squid.conf file
>
> Should my squid server have 2 network cards or can I leave it with the one
> ?

One or two, it does not matter to the problem you currently have.

>
> +++++++
> [root@VIRT1 ~]# cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'
> http_port 192.168.31.3:3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_dir ufs /var/spool/squid 1000 16 256
> access_log /var/log/squid/access.log squid
> dns_nameservers 192.168.31.11
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl CONNECT method CONNECT
> acl good_url dstdomain "/etc/squid/allowed_sites.squid"
> acl pnc_network src 192.168.31.0/255.255.255.0
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow good_url

 * permits anyone who can contact your squid to connect to any of the listed sites. Probably don't want that ...

 * Or maybe you intended to be a reverse-proxy/accelerator for internal sites?
   http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

To enact your stated "all web traffic blocked except websites defined in a allowed_sites.squid config file"

Add here:
  http_access deny all

drop the following http_access lines:

> http_access deny pnc_network
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname VIRT1
> coredump_dir /var/spool/squid
> ++++++++
>
>
>
> client's cannot access anything.

Is the content of "/etc/squid/allowed_sites.squid" correctly formatted for dstdomain?

A list of domain names one per line with the following style:

  example.com  - matches only example.com domain.

  .example.com - matches example.com and ALL *.example.com sub-domains.

Amos
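
The dstdomain file format described at the end of the reply above, as an added example that is not part of the original message: a Python check that flags lines that are not bare domain names and applies the two matching styles listed there. The function names and the sample file contents are constructed for illustration; skipping blank and `#` lines is an assumption.

```python
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_entry(entry):
    """Return None if entry looks like a dstdomain value, else a reason."""
    if "://" in entry or "/" in entry:
        return "URL or path; dstdomain takes a bare domain name"
    if any(c.isspace() for c in entry):
        return "more than one entry on the line"
    if "*" in entry:
        return "wildcard character; use a leading dot for sub-domains"
    name = entry[1:] if entry.startswith(".") else entry
    if not name or not all(LABEL.match(part) for part in name.split(".")):
        return "not a valid domain name"
    return None

def load_entries(text):
    """Split file text into (usable entries, [(line number, entry, reason)])."""
    good, bad = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # assumption: these are skipped
            continue
        reason = check_entry(entry)
        if reason:
            bad.append((n, entry, reason))
        else:
            good.append(entry.lower())
    return good, bad

def matches(host, entries):
    """example.com matches only itself; .example.com also matches sub-domains."""
    host = host.lower().rstrip(".")
    for e in entries:
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False

# Constructed sample of an allowed_sites.squid file: two usable lines, three not.
SAMPLE = "example.com\n.example.org\nhttp://www.example.net/\n*.example.net\nwww.example.com/index.html\n"

if __name__ == "__main__":
    good, bad = load_entries(SAMPLE)
    print(good, bad, matches("www.example.org", good))
```
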