Sorry, I found a mistake squid.conf should read:
http_access allow restrictedlist2 restricted_macs2
not
http_access allow restrictedlist1 restricted_macs2
I also removed the restricted lists from the “delay_access 1 deny” entries. Restricted sites should be subject to the same restraints as normal users.
CORRECTED .INC AND .XML FILE ATTACHED BELOW!!!!!!!
new squid.conf:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_port 192.168.1.1:3128
icp_port 0
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
visible_hostname localhost
cache_mgr admin@localhost
cache_access_log /dev/null
cache_log /var/squid/log/cache.log
cache_store_log none
cache_dir diskd /var/squid/cache 100 16 256
cache_mem 8 MB
maximum_object_size 10 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
offline_mode off
No redirector configured
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl allowed_subnets src 192.168.1.0/24
acl unrestricted_hosts src "/var/squid/acl/unrestricted_hosts.acl"
acl unrestricted_macs arp "/var/squid/acl/unrestricted_macs.acl"
acl banned_hosts src "/var/squid/acl/banned_hosts.acl"
acl banned_macs arp "/var/squid/acl/banned_macs.acl"
acl restrictedlist1 url_regex -i "/var/squid/acl/restrictedlist1.acl"
acl restricted_hosts1 src "/var/squid/acl/restricted_hosts1.acl"
acl restricted_macs1 arp "/var/squid/acl/restricted_macs1.acl"
acl restrictedlist2 url_regex -i "/var/squid/acl/restrictedlist2.acl"
acl restricted_hosts2 src "/var/squid/acl/restricted_hosts2.acl"
acl restricted_macs2 arp "/var/squid/acl/restricted_macs2.acl"
acl whitelist url_regex -i "/var/squid/acl/whitelist.acl"
acl blacklist url_regex -i "/var/squid/acl/blacklist.acl"
no_cache deny dynamic
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost
request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/10485760 -1/10485760
delay_initial_bucket_level 100%
delay_access 1 deny unrestricted_hosts
delay_access 1 deny unrestricted_macs
delay_access 1 allow all
http_access deny banned_hosts
http_access deny banned_macs
http_access allow unrestricted_hosts
http_access allow unrestricted_macs
http_access allow restrictedlist1 restricted_hosts1
http_access deny restricted_hosts1
http_access allow restrictedlist1 restricted_macs1
http_access deny restricted_macs1
http_access allow restrictedlist2 restricted_hosts2
http_access deny restricted_hosts2
http_access allow restrictedlist2 restricted_macs2
http_access deny restricted_macs2
http_access allow whitelist
http_access deny blacklist
http_access allow allowed_subnets
http_access deny all
–------------------------------------------------------------------
I’ve removed the old attached squid.inc.txt and added changes.
Here is the squid files with .txt added for posting
squid.inc.txt
squid_nac.xml.txt
