everyone (including the localhost) from accessing the proxy. Now you
are going to add some conditional allow statements. You want to allow
localhost only if it fits certain criteria.
Defining access criteria is done with the acl lines, so above the deny all
line, add this:
acl newssites dstdomain news.bbc.co.uk slashdot.org
http_access allow newssites
The first line defines an access category called newssites, which contains
a list of domains (dstdomain). The domains are news.bbc.co.uk and
slashdot.org, so the full line reads “Create a new access category called
newssites that should filter on domain and contain the two domains listed.” It
does not say whether access should be granted or denied to that category; that
comes in the next line. The line http_access allow newssites
means “Allow access to the category newssites with no further restrictions.”
It is not limited to localhost, which means it applies to every computer
connecting to the proxy server.
Save the configuration file and rerun the kill -SIGHUP line from before
to restart Squid; then go back to Firefox and try loading www.ubuntu.com.
You should see the same error as before because that was not in your
newssites category. Now try http://news.bbc.co.uk, and it should work.
However, if you try www.slashdot.org, it will not work, and you might also
have noticed that the images did not appear on the BBC News website either.
The problem here is that specifying slashdot.org as the website matches that
exact hostname only: http://slashdot.org will work, whereas www.slashdot.org
will not.
The BBC News site stores its images on the site http://newsimg.bbc.co.uk,
which is why they do not appear.
Go back to the configuration file and edit the newssites ACL to this:
acl newssites dstdomain .bbc.co.uk .slashdot.org
Putting the period in front of the domains (and in the BBC’s case, taking the
news off, too) means that Squid will allow any subdomain of the site to work,
which is usually what you want. If you want even more vagueness, you can
just specify .com to match *.com addresses.
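The following is an added example, not code from the book or from Squid: a simplified Python model of dstdomain matching that runs both versions of the newssites line against the hostnames mentioned above. The function names and the host notslashdot.org are constructed for illustration.

```python
# Added illustration: a simplified model of how Squid's dstdomain ACL type
# matches hostnames. This is not Squid's own code.

def dstdomain_match(host, pattern):
    """Return True if host matches a single dstdomain value."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        base = pattern[1:]
        # Leading period: the domain itself or any subdomain. The "." prefix
        # in the suffix test keeps the match on a label boundary.
        return host == base or host.endswith("." + base)
    # No leading period: only the exact hostname matches.
    return host == pattern

def parse_acl(line):
    """Split 'acl NAME dstdomain VALUE...' into (name, [values])."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "acl" or parts[2] != "dstdomain":
        raise ValueError("not a dstdomain acl line: %r" % line)
    return parts[1], parts[3:]

def report(acl_line, hosts):
    """Map each host to True (matched by the ACL) or False."""
    _, patterns = parse_acl(acl_line)
    return {h: any(dstdomain_match(h, p) for p in patterns) for h in hosts}

FIRST_ACL = "acl newssites dstdomain news.bbc.co.uk slashdot.org"
SECOND_ACL = "acl newssites dstdomain .bbc.co.uk .slashdot.org"

# Hostnames from the text, plus one constructed look-alike (notslashdot.org).
HOSTS = ["news.bbc.co.uk", "newsimg.bbc.co.uk", "slashdot.org",
         "www.slashdot.org", "www.ubuntu.com", "notslashdot.org"]

if __name__ == "__main__":
    for acl in (FIRST_ACL, SECOND_ACL):
        print(acl)
        for host, ok in report(acl, HOSTS).items():
            # Unmatched hosts fall through to the deny all line.
            print("  %-20s %s" % (host, "allow" if ok else "deny"))
```

The look-alike host stays denied under both lines because the leading period matches whole domain labels, not arbitrary string suffixes.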
Moving on, you can also use time conditions for sites. For example, if you
want to allow access to the news sites in the evenings, you can set up a time
category by using this line: