-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/12/2014 10:17 a.m., JeffDK wrote: > Hi, > > I have domain with about 20 servers. Server A and B need full > internet access and ssh access to one offsite server and the rest > of the servers (domainX) have internet access limited to about 10 > sites. I've added these lines and I beleive the rest is default. > > acl ServerA src “Server A IP” acl ServerB src “Server B IP” I assume the above "" details are actual IP addresses rather than quoted strings. Otherwise that is your problem. You can also list multiple IP addresses in one ACL. So you dont need separate serverA and serverB definitions. I suggest naming the ACL for what meaning your policy assigns to them. ie acl unlimitedServers src “Server A IP” “Server B IP” http_access allow unlimitedServers > acl AllowedSites securezone “/usr/local/etc/allowed-sites.squid > > http_access allow ServerA http_access allow ServerB http_access > allow “domainX” AllowedSites http_access deny all > > It seems that this config still restricts all servers to the > allowed sites and does not allow ssh. I'm a beginner and curious > if anyone has any ideas? SSH uses TLS protocol, not HTTP protocol. Squid will only let it through if the tool used sends HTTP messages. For non-HTTP protocols use your system firewall to permit/deny. Without details on how you are identifying the problem "restricts all servers to the allowed sites" its hard to suggest any other possibilities for what might be wrong. If the problem persists after you make the above changes then we are going to need access.log records showing the problem, and exact details of what those elided IPs are. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUgQUnAAoJELJo5wb/XPRjm8YH+QF1IRQMTvLxkDjH9EJk2xKC REXtNmdsibKPyA25ruv7pj+VhO+s8pGOYYsaFQROip7KapzvvoftFy5QvdjMrdsY N3GKKGwvGc9tXAFsg7Un5aRJ2nt6uY8+cgIk4BhuLrfmKvNrXA8nRZ0Muco/IN2I z0R4MeinMMpm/c+jZDGVNs1VI2sg49LGJUSwTWrue7Rf7hjFtid3B2jIp32mqfQT A5R9g3WyOZOJgADbYbqvEQ3Jta3Dq2s8Q2lCjl99UEw4W/SpXl0evbKWziH/2k1T SYrW5js+fVxzepmRnukN1BLsRMqzIrzVeFi2V5wEFLZutnGiu/iPOmKikfnFVMU= =jbuW -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
