Squid - allowed subnets

  • I am trying to setup pfsense with squid, but I want to grant access to the proxy to specific ip addresses. So I uncheck "allow users on interface" and under "access control" I enter for example "" in the "allowed subnets"-box. This doesn't work: the client receives an access denied message. I then looked at the squid.conf file (/usr/local/etc/squid/squid.conf) and noticed that the required acl line is created (acl allowed_subnets src but there's no matching http_access line. When I add the line manually and restart the squid service, it seems to work…. is this a known problem?

  • Try toggling the allow users on interface, hit save, turn it off, hit save again.  There have been some issues with the squid.conf interaction with that option in the past.

  • Also, keep in mind that squid.conf is generated by /usr/local/pkg/squid.inc at boot.  If you want to manually edit your squid.conf - do it here.

  • That's a quick reply - thanks!

    But it didn't help… I've been trying to get it to work for a few hours now, toggling and saving exactly as you say, but the http_access line just isn't there. I googled the problem and indeed found some old things, but thought it would be solved after so many years... :(

    I also know about the file being overwritten at reboot. It was just a way to try if that was the problem...

  • Any other ideas?

  • Use 'Unrestricted IPs' field for allow single ip addresses.

  • That seems to do the trick, thanks! (don't know why I didn't see that myself, duh)

Log in to reply