Exclude some IPs from a subnet in squid

Question

I have squid configuration to allow access to the proxy from a particular network localnet. I'm blocking access to media to all users except some IPs within the subnet. Here is the relevant part from the /etc/squid/squid.conf :

acl admins src 192.168.10.29 192.168.10.17
acl localnet src 192.168.10.0/24
http_access allow admins
http_access deny mediaprr localnet
http_reply_access deny media localnet
http_access allow localnet

where media and mediaprr are the ACLs blocking streaming. When running this configuration, media is still blocked for admins group. I tried identifying localnet by IPs (just for testing):

acl localnet src 192.168.10.90 192.168.10.91

and then the media remained blocked for localnet but not for admins; and that led me to the conclusion that the problem was that admins resigns within the subnet of localnet. Is that assumption correct? And what can I do to exclude admins from the localnet subnet?

score 3 · Accepted Answer · answered Mar 11 '12 at 07:22

The idea came to my mind right after posting the question:

acl admins src 192.168.10.29 192.168.10.17
acl localnet src 192.168.10.0/24
http_access allow mediaprr admins
http_reply_access allow media admins
http_access deny mediaprr localnet
http_reply_access deny media localnet
http_access allow localnet

should allow admins to access media right before denying localnet use to media. Tested and worked...

Exclude some IPs from a subnet in squid

1 Answers1