On 13/07/2015 10:50 a.m., Jason Enzer wrote: > 'm hardly a novice in squid (more of an initiate, actually) ... but it > looks like you've got the deny rules backwards in examples 2 & 3. With > they assumption that the first rule works fine, they should read: > > 2. http_access deny *ip2 inc3172* > > 3. http_access deny *ip3 inc3173* > > client still shows outgoing address from first acl statement... if i > comment out the first acl the 2nd acl works and the outgoing address > is what is expected. >
The "myip" and "myport" ACLs were deprecated years ago due to unreliability. Use "myportname" ACL type instead. That matches the actual listening port Squid received on, not a lookup of its host IP(s). Or you could use "localip" ACL type, which uses the IP from the TCP connection arriving at Squid. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
