Squid - allowed subnets



  • I am trying to setup pfsense with squid, but I want to grant access to the proxy to specific ip addresses. So I uncheck "allow users on interface" and under "access control" I enter for example "10.1.2.56/32" in the "allowed subnets"-box. This doesn't work: the client receives an access denied message. I then looked at the squid.conf file (/usr/local/etc/squid/squid.conf) and noticed that the required acl line is created (acl allowed_subnets src 10.1.2.56/32) but there's no matching http_access line. When I add the line manually and restart the squid service, it seems to work…. is this a known problem?



  • Try toggling the allow users on interface, hit save, turn it off, hit save again.  There have been some issues with the squid.conf interaction with that option in the past.



  • Also, keep in mind that squid.conf is generated by /usr/local/pkg/squid.inc at boot.  If you want to manually edit your squid.conf - do it here.



  • That's a quick reply - thanks!

    But it didn't help… I've been trying to get it to work for a few hours now, toggling and saving exactly as you say, but the http_access line just isn't there. I googled the problem and indeed found some old things, but thought it would be solved after so many years... :(

    I also know about the file being overwritten at reboot. It was just a way to try if that was the problem...



  • Any other ideas?



  • Use 'Unrestricted IPs' field for allow single ip addresses.



  • That seems to do the trick, thanks! (don't know why I didn't see that myself, duh)


Locked