Squid Proxy Splash Page based on Subnet


I am trying to use the Splash page feature that squid has, but I am trying to have it used only on a certain subnet. I cannot figure out a way to use two ACLs to do this.

I have the following in my squid3.conf file:

external_acl_type sessions ttl=60 concurrency=100 %SRC /usr/lib/squid3/squid_session -t 7200 -b /tmp/squidcache/sessions.db
acl guests external sessions src 192.168.200.0/24
acl trusted 192.168.1.0/24

deny_info http://192.168.200.5/splash.html guests
http_access deny !guests

This does present the splash page, but to both networks.

Has anyone run into this before?

Cheers,

Jim

Best Answer

You cannot add an extra condition to acl guests this way — each squid ACL may have only a single type (you may implement “or” logic with multiple acl lines for the same ACL, but not “and”). Extra parameters on the acl NAME external TYPE ... line are actually appended to the command line of the external helper.

Also, you have a syntax error on the next line (the src keyword is missing), but the trusted acl is not used in your config snippet anyway.

The proper way to write these rules is to add a separate ACL for the IP range, and use multiple ACLs in the http_access line:

external_acl_type sessions ttl=60 concurrency=100 %SRC /usr/lib/squid3/squid_session -t 7200 -b /tmp/squidcache/sessions.db

acl guests_ip src 192.168.200.0/24
# can add more "acl guests_ip src ..." here

acl guests_sessions external sessions

deny_info http://192.168.200.5/splash.html guests_sessions
http_access deny guests_ip !guests_sessions
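
How Squid evaluates the rule from the question and the rule from the answer, as an added example that is not part of the original answer: a small Python model of http_access matching run against one guest and one trusted client. The client addresses, the session helper stand-in and all function names are constructed for illustration.

```python
import ipaddress

class SessionHelper:
    """Constructed stand-in for the session helper in passive mode: the first
    lookup for a client IP starts a session and answers ERR, later lookups
    answer OK (session timeouts and Squid's ttl cache are ignored here)."""
    def __init__(self):
        self.seen = set()
    def lookup(self, ip):
        known = ip in self.seen
        self.seen.add(ip)
        return known

def src(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda ip: ipaddress.ip_address(ip) in net

def evaluate(rules, ip):
    """http_access semantics: rules are tried top-down, a rule matches only if
    every ACL on it matches (checked left to right, stopping at the first
    miss), and with no match the result is the opposite of the last rule."""
    for action, conditions in rules:
        if all(negate != acl(ip) for negate, acl in conditions):
            return action
    return "allow" if rules[-1][0] == "deny" else "deny"

def run(fixed):
    helper = SessionHelper()
    if fixed:   # http_access deny guests_ip !guests_sessions
        rules = [("deny", [(False, src("192.168.200.0/24")), (True, helper.lookup)])]
    else:       # http_access deny !guests  (extra words on the acl line do not filter by subnet)
        rules = [("deny", [(True, helper.lookup)])]
    clients = ["192.168.200.23", "192.168.1.40"]  # constructed guest and trusted hosts
    first = {ip: evaluate(rules, ip) for ip in clients}   # "deny" = splash page shown
    second = {ip: evaluate(rules, ip) for ip in clients}
    return first, second, sorted(helper.seen)

if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "original", run(fixed))
```

With the corrected rule the trusted client never reaches the session helper, because guests_ip fails first and the line stops matching there.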