Thanks Amos. For handling subnets, do i need to create a separate ACL? or it can be clubbed in the list of IPs? acl aclname dst [-n] ip-address/mask OR acl aclname dst "subnets_file" The documentation http://www.squid-cache.org/Doc/config/acl/ mentions that this is a slow acl. How does this work actually? Is it so that for each request, a dns query is done and matched against this acl? Regards On Tue, Oct 15, 2013 at 9:44 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 15/10/2013 4:59 p.m., Sachin Gupta wrote: >> >> Hi All, >> >> I have setup a list of URLs and IPs dumped into a file which need to >> be blocked. >> acl is setup as per documentation: > > > ?? > > >> However, upon testing, the IPs are not getting blocked. Also there are >> some subnets in the same file. Those are also not getting blocked. >> >> Is there a special handling required here? or this approach is >> incorrect for blocking IPs or subnets? > > > Based on the description I guess you have one file witha mix of things to > block on. > You need the file to be separated into different sets of properties. > > For example: > * one list of IPs > * one list of domains > * one list of full-URL regex patterns > * one list of path-only regex patterns > > Each set needs to be configured as a different ACL name and type defining > what property of the transation is to be tested against the values listed in > that set. > Then the http_access controls designed to test the ACLs and determine > whetherit gets allowed/denied when the ACL matches. > > More details can be found at http://wiki.squid-cache.org/SquidFaq/SquidAcl. > > Amos
