# TAG: http_access# Allowing or Denying access based on defined access lists## To allow or deny a message received on an HTTP, HTTPS, or FTP port:# http_access allow|deny [!]aclname ...## NOTE on default values:## If there are no "access" lines present, the default is to deny# the request.## If none of the "access" lines cause a match, the default is the# opposite of the last line in the list. If the last line was# deny, the default is allow. Conversely, if the last line# is allow, the default will be deny. For these reasons, it is a# good idea to have an "deny all" entry at the end of your access# lists to avoid potential confusion.## This clause supports both fast and slow acl types.# See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.##Default:# Deny, unless rules exist in squid.conf.### Recommended minimum Access Permission configuration:## Deny requests to certain unsafe ports# http_access deny !Safe_ports# Deny CONNECT to other than secure SSL ports# http_access deny CONNECT !SSL_ports# Only allow cachemgr access from localhost# http_access allow localhost manager# http_access deny manager# We strongly recommend the following be uncommented to protect innocent# web applications running on the proxy server who think the only# one who can access services on "localhost" is a local user#http_access deny to_localhost## INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS## Example rule allowing access from your local networks.# Adapt localnet in the ACL section to list your (internal) IP networks# from where browsing should be allowed#http_access allow localnet# http_access allow localhostacl allowed_domains dstdomain .weixin.qq.com baidu.comhttp_access allow allowed_domains# And finally deny all other access to this proxyhttp_access deny all