I am trying to use the Splash page feature that squid has, but I am trying to have it used only on certain subnet. I cannot figure out a way to use two ACLs to do this.
I have the following in my squid3.conf file
external_acl_type sessions ttl=60 concurrency=100 %SRC /usr/lib/squid3/squid_session -t 7200 -b /tmp/squidcache/sessions.db
acl guests external sessions src 192.168.200.0/24
acl trusted 192.168.1.0/24
deny_info http://192.168.200.5/splash.html guests
http_access deny !guests
This does present the splash page, but to both networks.
Has anyone run into this before?
Cheers,
Jim
Best Answer
You cannot add extra condition to
acl guests
this way — each squid ACL may have only a single type (you may implement “or” logic with multipleacl
lines for the same ACL, but not “and”). Extra parameters on theacl NAME external TYPE ...
line are actually appended to the command line of the external helper.Also you have a syntax error on the next line (the
src
keyword is missing), but thetrusted
acl is not used in your config snippet anyway.The proper way to write these rules is to add a separate ACL for the IP range, and use multiple ACLs in the
http_access
line: