squid

vi /etc/squid/squid.conf

只需配置两个地方 acl 和http_access

acl 变量名1 arp MAC列表                   #00:1e:90:b1:d8:7f
acl 变量名2 src IP地址列表                #192.168.1.2

acl 变量名3 dstdomain 可访问的网页列表     # .163.com
acl 变量名4 url_regex -i 可访问的网页列表  # http://www.163.com/

http_access allow [变量名1 | 变量名2]      #表示可访问所有页面  
http_access allow [变量名1 | 变量名2] [变量名3 | 变量名4]   #只可访问列明的网页

#########################################
acl CONNECT method CONNECT

#zhang
acl allowed_mac arp "/etc/squid/allowedmac"
acl allowed_ip src "/etc/squid/allowedip"
acl corp_all src 172.17.103.0/24
acl corp_all src 172.17.102.0/24
acl corp_all src 10.99.253.0/24

acl corp_allowsites dstdomain "/etc/squid/corp_allowsite"
acl corp_allow_url url_regex -i "/etc/squid/corp_allow_url"

acl bhcorp_allowedip  src "/etc/squid/bhcorp_allowedip"

acl seds_allowedmac arp "/etc/squid/seds_allowedmac"
acl seds_allowsite dstdomain "/etc/squid/seds_allowsite"

#  TAG: http_access

###################################################3

# And finally deny all other access to this proxy

http_access allow localhost

#zhang

http_access allow allowed_mac
http_access allow allowed_ip

http_access allow corp_all corp_allowsites
http_access allow corp_all corp_allow_url

http_access allow bhcorp_allowedip
http_access allow seds_allowedmac seds_allowsite

http_access deny all

#  TAG: http_access2

 

[root@corplx1 squid] cat corp_allowsite
.dhl.com.hk

[root@corplx1 squid]# cat corp_allow_url
http://www.excite.co.jp/world