Squid ACL

Squid ACLs can restrict access based on source IP address, destination IP address, source domain, and destination domain. The general forms are:

acl aclname src w.x.y.z/a.b.c.d     # ACL based on source IP address
acl aclname dst w.x.y.z/a.b.c.d     # ACL based on destination IP address
acl aclname srcdomain foo.com       # ACL based on source domain
acl aclname dstdomain foo.com       # ACL based on destination domain

To restrict access to your Squid proxy to only the hosts you choose (for example, local hosts), use the following directive format:

acl localnet src 192.168.0.0/255.255.255.0
http_access allow localnet
http_access deny all

Restricting Web Access By IP Address

You can create an access control list that restricts Web access to users on certain networks. In this case, it's an ACL that defines a home network of 192.168.1.0.

#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.0.0/255.255.255.0

You also have to add a corresponding http_access statement that allows traffic that matches the ACL:

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network

To restrict access to the Squid proxy by time of day, use the format:

acl aclname time [day-abbrevs] [h1:m1-h2:m2]

day-abbrevs:
S - Sunday
M - Monday
T - Tuesday
W - Wednesday
H - Thursday
F - Friday
A - Saturday

Example 1: Allow only business hour access from the home network, while always restricting access to host 192.168.1.20.

#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.0.0/24
acl business_hours time M T W H F 9:00-17:00
acl restricthost src 192.168.0.20

#
# Add this at the top of the http_access section of squid.conf
#
http_access deny restricthost
http_access allow home_network business_hours


Example 2: Allow morning only.
#
# Add this to the bottom of the ACL section of squid.conf
#
acl mornings time 08:00-12:00

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow mornings
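
The following Python sketch is an added example, not part of the original page or of Squid itself. It models how Squid evaluates the http_access lines from Examples 1 and 2: lines are checked top to bottom, ACLs on one line are ANDed, the first matching line decides, and a line that names only a time ACL matches clients from any source address. The trailing "http_access deny all" and the sample configurations as embedded strings are assumptions made for the example.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters indexed by datetime.weekday() (Monday=0)

def parse(conf):  # subset used on this page: src/time ACLs and http_access
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def minutes(hhmm):
    return int(hhmm.split(":")[0]) * 60 + int(hhmm.split(":")[1])

def acl_matches(acls, name, src, when):
    if name == "all":                       # built-in ACL: every client
        return True
    kind, args = acls[name]                 # KeyError = undefined ACL name (a typo)
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "time":
        days = "".join(a for a in args if a.isalpha()) or DAYS
        start, end = next((a for a in args if ":" in a), "0:00-24:00").split("-")
        now = when.hour * 60 + when.minute
        return DAYS[when.weekday()] in days and minutes(start) <= now <= minutes(end)
    raise ValueError(f"unsupported ACL type: {kind}")

def decide(conf, src, when):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n, src, when) for n in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"  # no match: opposite of last line

# Constructed inputs: the page's Example 1 and Example 2, each followed by deny all.
EXAMPLE_1 = """
acl home_network src 192.168.0.0/24
acl business_hours time M T W H F 9:00-17:00
acl restricthost src 192.168.0.20
http_access deny restricthost
http_access allow home_network business_hours
http_access deny all
"""
EXAMPLE_2 = "acl mornings time 08:00-12:00\nhttp_access allow mornings\nhttp_access deny all"
```

With EXAMPLE_2, decide() returns "allow" for any source address during the morning, so when only local clients are meant to be served the time ACL belongs on the same http_access line as a src ACL, as Example 1 does.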