Squid - allowed subnets
-
I am trying to set up pfSense with squid, but I want to grant access to the proxy to specific IP addresses. So I uncheck "allow users on interface" and under "access control" I enter for example "10.1.2.56/32" in the "allowed subnets"-box. This doesn't work: the client receives an access denied message. I then looked at the squid.conf file (/usr/local/etc/squid/squid.conf) and noticed that the required acl line is created (acl allowed_subnets src 10.1.2.56/32) but there's no matching http_access line. When I add the line manually and restart the squid service, it seems to work… Is this a known problem?
-
Try toggling the allow users on interface, hit save, turn it off, hit save again. There have been some issues with the squid.conf interaction with that option in the past.
-
Also, keep in mind that squid.conf is generated by /usr/local/pkg/squid.inc at boot. If you want to manually edit your squid.conf - do it here.
-
That's a quick reply - thanks!
But it didn't help… I've been trying to get it to work for a few hours now, toggling and saving exactly as you say, but the http_access line just isn't there. I googled the problem and indeed found some old things, but thought it would be solved after so many years... :(
I also know about the file being overwritten at reboot. It was just a way to try if that was the problem...
-
Any other ideas?
-
Use the 'Unrestricted IPs' field to allow single IP addresses.
-
That seems to do the trick, thanks! (don't know why I didn't see that myself, duh)
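
The symptom from the first post (an acl line in squid.conf with no http_access rule that references it) can be checked mechanically. The following is an added example, not part of the original thread and not pfSense or Squid code: the function names and the sample config are constructed, and only src ACLs written as addresses or CIDR are modelled.

```python
import ipaddress

def parse(conf):
    """Return (src ACLs, ordered http_access rules) from squid.conf text."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))       # (allow|deny, [acl names])
    return acls, rules

def unreferenced(acls, rules):
    """ACLs that are defined but used by no http_access rule."""
    used = {n.lstrip("!") for _, names in rules for n in names}
    return sorted(set(acls) - used)

def decide(client, acls, rules):
    """First matching rule wins; ACLs on one line are ANDed."""
    ip = ipaddress.ip_address(client)
    def match(name):
        neg, name = name.startswith("!"), name.lstrip("!")
        if name != "all" and name not in acls:
            raise ValueError(f"ACL type not modelled: {name}")
        hit = name == "all" or any(ip in net for net in acls[name])
        return hit != neg
    for action, names in rules:
        if all(match(n) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule.
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample: the ACL exists, but nothing grants it access.
BROKEN = """
acl localhost src 127.0.0.1/32
acl allowed_subnets src 10.1.2.56/32   # value from the post
http_access allow localhost
http_access deny all
"""
# Same config with the rule the poster added by hand.
FIXED = BROKEN.replace("http_access deny all",
                       "http_access allow allowed_subnets\nhttp_access deny all")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        acls, rules = parse(conf)
        print(label, unreferenced(acls, rules), decide("10.1.2.56", acls, rules))
```

Running the check against the generated squid.conf after each GUI save shows whether the access rule was actually written, without waiting for a client to be denied.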