There's no acl to deny in
http_access deny myLan
Try something like
http_access deny myLan all
Or you could try:
acl fb dstdomain .facebook.com
http_access deny mLan fb
In your squid logs are you seeing the LAN IP address or 127.0.0.1 for
every request? If the latter then you need the follow_x_forwarded_for
that Amos mentioned.
-Dave
On 10/8/2013 2:13 AM, Stefano Malini wrote:
Yes Dave,
in squid.conf i set
acl myLan src 192.168.1.0/24
and
http_access deny myLan
to try if squid stops me but i can browse. I don't understand why
My iptables rule:
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp
dpt:http redir ports 8080
Dansguardian network config.
# the port that DansGuardian listens to.
filterport = 8080
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
# the port DansGuardian connects to proxy on
proxyport = 3128
Squid
acl myLan src 192.168.1.0/24
and
http_access deny myLan
http_port 3128
Dansguardian runs because it stops me browsing some blocked site! I
have to retry other times this evening.
Amos thanks, I'll try this evening, i don't know that directive.
2013/10/8 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 8/10/2013 12:58 p.m., Dave Burkholder wrote:
No squid is not bypassed. The order flow is:
Browser -> Dansguardian -> Squid -> Internet
If you're wanting to limit access via squid ACLs, that's another aspect
altogether.
acl myLan src 10.0.4.0/24
http_access deny myLan all
Do you have something like that in squid.conf?
Don't forget the follow_x_forwarded_for to determine what the client on the
other side of DG is.
follow_x_forwarded_for allow localhost
follow_x_forwarded_for deny all
Amos
