This looks wrong: http_access deny !allowdomain Try: http_access deny allowdomain On Fri, Jul 5, 2013 at 5:16 AM, kannan rbk <kannanrbk.r@xxxxxxxxx> wrote: > Dear Team, > > I am using squid proxy 3.1 in centos machine. I want to restrict > client request from particular domain and web context. > > # > # Recommended minimum configuration: > # > acl manager proto cache_object > acl localhost src 127.0.0.1/32 ::1 > acl to_localhost dst 127.0.0.0/8 ::1 > > acl urlwhitelist url_regex -i ^http(s)://([a-zA-Z]+).zmedia.com/blog/.*$ > acl allowdomain dstdomain .zmedia.com > > acl Safe_ports port 80 8080 8500 7272 > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl SSL_ports port 7272 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager > http_access deny !allowdomain > http_access allow urlwhitelist > http_access allow CONNECT SSL_ports > http_access deny CONNECT !SSL_ports > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 3128 > > # We recommend you to use at least the following line. > hierarchy_stoplist cgi-bin ? > > # Uncomment and adjust the following to add a disk cache directory. > #cache_dir ufs /var/spool/squid 100 16 256 > > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid > append_domain .zmedia.com > > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > What am I trying here is? > > Restrict request only from(.zmedia.com) and it's working fine. But , I > can able to access request from any context (url_regex not working). > > URLS Should be allowed. > > https://accounts.zmedia.com/blog/aboutusers.html > https://contacts.zmedia.com/blog/aboutusers.html > https://shop.zmedia.com/blog/aboutusers.html > ... > > URLS Should not be allowed > > https://shop.zmedia.com/admin/aboutusers.html > > But , now I can able to access(https://shop.zmedia.com/admin/aboutusers.html) . > > > Regards, > > Bharathikannan R
