Squid - allowed subnets

bmaster · May 11, 2010, 2:48 PM

I am trying to setup pfsense with squid, but I want to grant access to the proxy to specific ip addresses. So I uncheck "allow users on interface" and under "access control" I enter for example "10.1.2.56/32" in the "allowed subnets"-box. This doesn't work: the client receives an access denied message. I then looked at the squid.conf file (/usr/local/etc/squid/squid.conf) and noticed that the required acl line is created (acl allowed_subnets src 10.1.2.56/32) but there's no matching http_access line. When I add the line manually and restart the squid service, it seems to work…. is this a known problem?

mhab12 · May 11, 2010, 2:51 PM

Try toggling the allow users on interface, hit save, turn it off, hit save again. There have been some issues with the squid.conf interaction with that option in the past.

mhab12 · May 11, 2010, 2:53 PM

Also, keep in mind that squid.conf is generated by /usr/local/pkg/squid.inc at boot. If you want to manually edit your squid.conf - do it here.

bmaster · May 11, 2010, 2:57 PM

That's a quick reply - thanks!

But it didn't help… I've been trying to get it to work for a few hours now, toggling and saving exactly as you say, but the http_access line just isn't there. I googled the problem and indeed found some old things, but thought it would be solved after so many years... :(

I also know about the file being overwritten at reboot. It was just a way to try if that was the problem...

bmaster · May 12, 2010, 1:51 PM

Any other ideas?

dvserg · May 12, 2010, 3:06 PM

Use 'Unrestricted IPs' field for allow single ip addresses.

bmaster · May 12, 2010, 2:20 PM

That seems to do the trick, thanks! (don't know why I didn't see that myself, duh)