Ubuntu Unleashed 2019 Edition: Covering 18.04, 18.10, 19.04


default rules.


In your web browser (Firefox is assumed from here on because it is the
default in a standard Ubuntu install, but it makes little difference), go to the
URL www.ubuntu.com. You should see it appear as normal in the browser,
but in the log window, you should see a lot of messages scroll by as Squid
downloads the site for you and stores it in its cache. This is all allowed
because the default configuration allows access to the localhost.


Go back to the config editor window and add the following before the last
two http_access lines:


http_access deny localhost


So, the last three lines should look like this:


http_access deny localhost
http_access allow localhost
http_access deny all


Save the file and quit your editor. Then run this command:


matthew@seymour:~$ kill -SIGHUP `cat /var/run/squid.pid`


This looks for the process ID (PID) of the squid daemon and then sends the
SIGHUP signal to it, which forces it to reread its configuration file while
running. You should see a string of messages in the log window as Squid
rereads its configuration files. If you now go back to Firefox and enter a new
URL, you should see a Squid error page, informing you that you do not have
access to the requested site.


You are now blocked from the proxy because Squid reads its
ACL lines in sequence, from top to bottom. If it finds a line that conclusively
allows or denies a request, it stops reading and takes the appropriate action.
So, in the previous lines, localhost is being denied in the first line and
then allowed in the second. When Squid sees localhost asking for a site,
it reads the deny line first and immediately sends the error page; it does not
even get to the allow line. Having a deny all line at the bottom is highly
recommended so that only those you explicitly allow are able to use the
proxy.
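
The first-match behavior described above can be checked mechanically before a configuration is reloaded. The following Python is an added example, not code from the book or from Squid: it models the three http_access lines from the text, reports which rule decides a request, and flags rules that can never be reached. It assumes a simplified model in which ACLs are compared by name only, and the function names are hypothetical.

```python
# Added example: first-match evaluation of http_access rules.
# Simplified model (assumption): a rule fires when all of its named ACLs match;
# ACLs are compared by name only, with no address or negation (!acl) handling.

SAMPLE_CONF = """\
# constructed sample mirroring the three lines from the text
http_access deny localhost
http_access allow localhost
http_access deny all
"""

def parse_http_access(conf_text):
    """Return [(lineno, action, [acl, ...])] for each http_access line."""
    rules = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((lineno, parts[1], parts[2:]))
    return rules

def decide(rules, matching_acls):
    """First rule whose ACLs all match wins; later rules are never read."""
    for lineno, action, acls in rules:
        if all(a == "all" or a in matching_acls for a in acls):
            return action, lineno
    return None, None  # no rule matched; that outcome is not modeled here

def shadowed(rules):
    """Return (rule_line, earlier_line) pairs for rules that can never fire.

    A rule is unreachable when an earlier rule needs only a subset of its
    ACLs: every request that would match it is decided by the earlier rule.
    """
    out = []
    for i, (lineno, _action, acls) in enumerate(rules):
        need = set(acls) - {"all"}
        for prev_lineno, _prev_action, prev_acls in rules[:i]:
            if set(prev_acls) - {"all"} <= need:
                out.append((lineno, prev_lineno))
                break
    return out

def ends_with_deny_all(rules):
    """True when the final rule is the recommended 'deny all' catch-all."""
    return bool(rules) and rules[-1][1:] == ("deny", ["all"])
```

Run against the sample, decide() returns the deny on the first rule for a localhost request, and shadowed() reports the allow localhost line as unreachable.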


Go back to editing the configuration file and remove the deny localhost
and allow localhost lines. This leaves only deny all, which blocks
