Ubuntu Unleashed 2019 Edition: Covering 18.04, 18.10, 19.04


192.0.0.255, then 192.0.1.0, 192.0.1.1, all the way through to
192.255.255.255.


The second line uses /16, which means Squid allows IP addresses from
192.168.0.0 to 192.168.255.255. The last line has /24, which allows from
192.168.0.0 to 192.168.0.255.


These addresses are placed into Squid using the src ACL line, as follows:


acl internal_network src 10.0.0.0/24


This line creates a category of addresses from 10.0.0.0 to 10.0.0.255. You can
combine multiple address groups together, like this:


acl internal_network src 10.0.0.0/24 10.0.3.0/24 10.0.5.0/24 192.168.0.1


This example allows 10.0.0.0 through 10.0.0.255, then 10.0.3.0 through
10.0.3.255, then 10.0.5.0 through 10.0.5.255, and finally the single address
192.168.0.1.


Keep in mind that if you are using the local machine and you have the web
browser configured to use the proxy at 127.0.0.1, the client IP address will be
127.0.0.1, too. So, make sure you have rules in place for localhost.


As with other ACL lines, you need to enable them with appropriate
http_access allow and http_access deny lines.


Sample Configurations


To help you fully understand how Squid access control works, and to give
you a head start on developing your own rules, the following are some ACL
lines you can try. Each line is preceded with one or more comment lines
(starting with a #) explaining what it does:


# include the domains news.bbc.co.uk and slashdot.org
# and not newsimg.bbc.co.uk or www.slashdot.org.
acl newssites dstdomain news.bbc.co.uk slashdot.org

# include any subdomains of bbc.co.uk or slashdot.org
acl newssites dstdomain .bbc.co.uk .slashdot.org

# only include sites located in Canada
acl canadasites dstdomain .ca

# only include working hours