I'm using Squid 3.4 on Debian, and I want to know how to allow certain sub-URLs while banning the rest of them.
Particularly, I want to ban access to reddit.com/* but allow access to reddit.com/r/foo/* and reddit.com/r/foo/
acl bad url_regex reddit\.com.*
acl good url_regex reddit\.com.*foo*
http_access deny bad
http_access allow good
...
http_access allow localnet
http_access allow localhost
http_access deny all
This code doesn't seem to work, and everything at reddit.com ends up getting blocked. How can I get the configuration I want?
Edit: Updated configuration that still doesn't work:
acl good url_regex http(s)?://(www\.)?reddit\.com/r/foo.*
acl bad url_regex http(s)?://(www\.)?reddit\.com.*
http_access allow good
http_access deny bad
...
http_access allow localnet
http_access allow localhost
http_access deny all
This has the opposite effect of the previous code; it allows access to all of reddit.com (which I don't want).
Best Answer
For anyone else like me that stumbles across this post looking for an answer. The reason is that squid can't see the full URL for HTTPS requests, only the domain.
You can do a url_regex only for HTTP connections. You have to do a dstdomain for HTTPS connections.
It's down to the way proxy CONNECT works and not a Squid issue..