hi Dave, so, i changed the line http_access deny myLan to http_access deny myLan all. but it's the same behavior. Squid doesn't stop. In the logs file there is 127.0.0.1 for every http request, what does it mean? 2013/10/8 Dave Burkholder <dave@xxxxxxxxxxxxxxxxxxxx>: > There's no acl to deny in > > http_access deny myLan > > > Try something like > > http_access deny myLan all > > > Or you could try: > > acl fb dstdomain .facebook.com > http_access deny mLan fb > > In your squid logs are you seeing the LAN IP address or 127.0.0.1 for every > request? If the latter then you need the follow_x_forwarded_for that Amos > mentioned. > > -Dave > > > > > On 10/8/2013 2:13 AM, Stefano Malini wrote: >> >> Yes Dave, >> in squid.conf i set >> acl myLan src 192.168.1.0/24 >> and >> http_access deny myLan >> >> to try if squid stops me but i can browse. I don't understand why >> >> My iptables rule: >> >> target prot opt source destination >> REDIRECT tcp -- anywhere anywhere tcp >> dpt:http redir ports 8080 >> >> Dansguardian network config. >> >> # the port that DansGuardian listens to. >> filterport = 8080 >> >> # the ip of the proxy (default is the loopback - i.e. this server) >> proxyip = 127.0.0.1 >> >> # the port DansGuardian connects to proxy on >> proxyport = 3128 >> >> Squid >> >> acl myLan src 192.168.1.0/24 >> and >> http_access deny myLan >> >> http_port 3128 >> >> Dansguardian runs because it stops me browsing some blocked site! I >> have to retry other times this evening. >> >> >> >> Amos thanks, I'll try this evening, i don't know that directive. >> >> 2013/10/8 Amos Jeffries <squid3@xxxxxxxxxxxxx>: >>> >>> On 8/10/2013 12:58 p.m., Dave Burkholder wrote: >>>> >>>> No squid is not bypassed. The order flow is: >>>> >>>> Browser -> Dansguardian -> Squid -> Internet >>>> >>>> If you're wanting to limit access via squid ACLs, that's another aspect >>>> altogether. >>>> >>>> acl myLan src 10.0.4.0/24 >>>> >>>> http_access deny myLan all >>>> >>>> >>>> Do you have something like that in squid.conf? >>> >>> >>> Don't forget the follow_x_forwarded_for to determine what the client on >>> the >>> other side of DG is. >>> >>> follow_x_forwarded_for allow localhost >>> follow_x_forwarded_for deny all >>> >>> >>> Amos > >
