Time for action – testing a complex access control
An access control involving IP addresses from different subnets is a bit difficult to test but can be tested using the squidclient. This can be done by creating virtual or alias network interfaces on the machine. For example, the IP address of our proxy server is 192.168.36.204 and we have the following access control configuration in our squid.conf, which we want to test:
acl bad_guys src 10.1.33.9 10.1.33.182
http_access deny bad_guys
We can't test these rules directly, as our IP address is different from those of the clients we have blocked and Squid checks the source IP address of each request. However, we can use the -l option of squidclient, which binds it to a different local IP address while sending requests to the Squid proxy server. To achieve this, we need to create an alias network interface on our server. In most Linux/Unix-based systems, this can be achieved by using the following command:
ifconfig eth0:0 10...
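The following script is an added example, not part of the original text: it repeats the squidclient -l test for each address in bad_guys and reports whether Squid denied the request. It assumes the alias interfaces for the tested addresses already exist, that Squid listens on port 3128, and that the proxy's own address is permitted by the remaining http_access rules; the function names, the RUN_LIVE switch and the URL are illustrative.

```shell
#!/bin/sh
# Added example: regression check for the bad_guys ACL using squidclient -l.
PROXY=192.168.36.204       # proxy address from the text
PORT=3128                  # assumption: Squid's default http_port
URL=http://example.com/    # assumption: any URL the proxy is able to fetch

# Map the status line of a squidclient reply to a verdict.
# Squid answers a request refused by http_access with HTTP 403.
verdict() {
    code=$(printf '%s\n' "$1" | awk 'NR==1 && $1 ~ /^HTTP\// {print $2}')
    case "$code" in
        403)     echo denied ;;
        2??|3??) echo allowed ;;
        "")      echo no-reply ;;      # bind failed or proxy unreachable
        *)       echo "other:$code" ;; # e.g. 503 when the origin is down
    esac
}

# Send one request bound to source address $1; $2 is the expected verdict.
check_src() {
    reply=$(squidclient -h "$PROXY" -p "$PORT" -l "$1" "$URL" 2>/dev/null | head -n 1)
    got=$(verdict "$reply")
    if [ "$got" = "$2" ]; then
        echo "PASS $1 $got"
    else
        echo "FAIL $1 expected=$2 got=$got"
        return 1
    fi
}

run_checks() {
    rc=0
    check_src 10.1.33.9   denied || rc=1
    check_src 10.1.33.182 denied || rc=1
    # Assumption: the proxy's own address is allowed by the other rules.
    check_src "$PROXY"    allowed || rc=1
    return $rc
}

# Only contact the proxy when explicitly requested and squidclient exists.
if [ "${RUN_LIVE:-0}" = 1 ] && command -v squidclient >/dev/null 2>&1; then
    run_checks
fi
```

Run it with RUN_LIVE=1 on the proxy host once the alias interfaces are up; a no-reply verdict usually means squidclient could not bind to the requested source address.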