Hi!
I have a Suse server which is running a squid. I need to restrict certain clients from accessing the internet. I have an ip range 192.168.0.3 - 192.168.0.52. Within this range I need to reestrict the following clients 192.168.0.8 192.168.0.17 192.168.0.23. What ACL rules should I put in the squid.conf file? At the moment it looks like this:
#acls
acl localhost src "/etc/squid/acl_localhost"
acl all src "/etc/squid/acl_all"
acl safe_ports port "/etc/squid/acl_safe_ports"
acl connect method "/etc/squid/acl_connect"
acl ssl_ports port "/etc/squid/acl_ssl_ports"
acl manager proto "/etc/squid/acl_manager"
acl internal_net src "/etc/squid/acl_internal_net"
#acl RestrictedHost src 192.168.1.16/255.255.255.255 192.168.0.9/255.255.255.255 192.168.0.7/255.255.255.255 192.168.0.18/255.255.255.255
#acl RestrictedHost src 192.168.1.9
acl restrictedhost src 192.168.0.18/255.255.255.255
acl FAS_FTP proto 21
acl FAS_HTTPS proto 443 563
#globals
cache_mgr
administrator@quantum.com.nacache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
client_netmask 255.255.0.0
ftp_user
Squid@quantum.com.naappend_domain .quantum.com.na
error_directory /etc/squid/errors
authenticate_program /usr/sbin/squid_ldapauth
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
icp_access allow all
miss_access allow all
cache_effective_user squid
cache_effective_group nogroup
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
logfile_rotate 0
forwarded_for off
cachemgr_passwd disable all
always_direct allow FAS_HTTPS
always_direct allow FAS_FTP
http_port 192.168.0.2:3128
http_port 192.168.0.2:8080
http_port 127.0.0.1:3128
http_port 127.0.0.1:8080
cache_dir ufs /var/cache/squid 2000 16 256
#access_lists
http_access allow localhost manager
http_access deny manager
http_access deny !safe_ports
http_access deny connect !ssl_ports
http_access allow internal_net
#http_access deny restrictedhost
