ACLs control who is allowed to access which web pages when.

acl name type definition1 definition2 definition3 ...

Examples:

acl access_to_google dstdomain .google.com
acl access_to_search_engines dstdomain .yahoo.com .google.com
acl access_from_marketing_department src 10.52.0.0/16
acl need_to_authenticate proxy_auth

You can also use lists of definitions that are stored in files on your hard disk. Let’s assume you have a list of search engines URLs that you want to allow:

/etc/squid/search-engines-urls.txt

.google.com
.yahoo.com
.altavista.com

Then the ACL for that file would look like:

acl access_to_search_engines dstdomain "/etc/squid/search-engines-urls.txt"

Defining the ACLs alone does not actually block anything – it’s just a definition.

ACLs can be used in various places of your squid.conf.

The most useful feature is the http_access statement.

It works similar to the way a firewall would handle rules.

For each request that Squid receives it will look through all the http_access statements in order until it finds a line that matches.

It then either accepts or denys depending on your setting.

The remaining rules are ignored.

The general syntax of an http_access line is:

http_access (allow|deny) acl1 acl2 acl3 ...

Example:

http_access allow accesses_from_admins
http_access deny accesses_to_porn_urls
http_access allow accesses_during_lunchtime
http_access deny all

This would allow accessing from the admins (whatever that ACL looks like – probably a src ACL pointing to the subnet where the admin workstations are in).

For everyone else it will deny accesses to porn URLs.

Then it would allow accesses from everyone to every web site during lunch time.

And finally all other accesses would be denied.