Amos, Understood. I think it is all working correctly now. Thank you!
PH On Wed, Dec 13, 2017 at 7:35 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 14/12/17 11:32, Paul Hackmann wrote: > >> Amos, >> >> I will do an update to the most recent version and see if that helps. It >> was one of those situations where if it ain't broke, don't fix it. And up >> until now, it has worked very well. >> >> You are right, I had brain fade about port 4120. It should NOT ask for >> authentication ever, and only connect to whitelisted sites, which is what I >> want. >> >> I've made the changes you recommended to the conf file. So far, >> everything seems to be working as I expect it to. Thank you! >> >> One more question if you don't mind. I am trying to add some ip >> addresses as whitelisted for port 4120. I guess I can't add those to the >> whitelist file, because it's formatting doesn't work with IP addresses? >> > > Sort of. dstdomain can accept IPs for matching against raw-IP text strings > in URLs where domain should have been. But does not do ranges like you need > there. > > So yes dst is the one to use there. > > However, be aware that it will match if *any* IPs for the domain being > fetched is in your whitelist set. It has nothing to do with whether that > matching dst-IP is actually used by Squid on the server connection. > To workaround that is where explicitly configuring "never_direct allow > all" comes in handy. > > > I read that you can add them into the conf file. I've created the >> following acl line: >> >> acl 8x8 dst 8.5.248.0/23 8.28.0.0/22 63.209.12.0/24 162.221.236.0/23 >> 162.221.238.0/23 192.84.16.0/22 >> >> and I tried to add 8x8 to the the http_access line: >> >> http_access allow whitelist 8x8 >> >> but when I did that, the 4120 port started asking for authentication, >> which is wrong. Can you tell me how to open those ip address ranges for >> port 4120? >> >> > Your use of http_access is not quite right. > > see <https://wiki.squid-cache.org/SquidFaq/SquidAcl#Common_Mistakes> > > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
