Reputation: 119
I have a squid server set up to route all my requests through another proxy without having to add the authentication for the proxy from the client.
This is my squid config:
acl local_net src all
pid_filename ussquidi
acl bad_url dstdomain "/etc/squid3/bad-sites.squid"
acl FORBIDDEN_EXT urlpath_regex \.(jpg|png|jpeg|gif|bmp|ico)$
http_access allow local_net
http_access deny bad_url
http_access deny FORBIDDEN_EXT
http_port 8901
dns_nameservers 8.8.8.8
never_direct allow all
cache_peer zproxy.luminati.io parent 22225 0 no-query default proxy-only login=lum-customer-strawhouselabs-zone-gen:xxxxxxxx
cache_peer_access zproxy.luminati.io allow local_net
The problem is when connecting through this proxy, I am trying to block images as well as a list of URLs I have deemed as "bad", as you can see by the bad_url acl and FORBIDDEN_EXT acl. Unfortunately, neither images nor the bad URLs are being blocked by the squid proxy; they still show in the squid logs as a TCP/MISS that is allowed to go through to the final destination.
I think I am missing something about using squid ACLs with the cache_peer parent settings; it does not seem to use any of the http_access deny rules I have set.
Upvotes: 0
Views: 1782
Reputation: 447
You could simply use cache_peer_access to deny requests using your deny ACLs:
cache_peer_access zproxy.luminati.io deny bad_url FORBIDDEN_EXT
Try this above the line
cache_peer_access zproxy.luminati.io allow local_net
So your config should look like:
cache_peer zproxy.luminati.io parent 22225 0 no-query default proxy-only login=lum-customer-strawhouselabs-zone-gen:xxxxxxxx
cache_peer_access zproxy.luminati.io deny bad_url FORBIDDEN_EXT
cache_peer_access zproxy.luminati.io allow local_net
Upvotes: 1
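An added example, not part of the question or the answer and not Squid's own code: a simplified Python model of how Squid evaluates access lines (top to bottom, first matching line decides, ACL names on one line are ANDed), run over the question's `http_access` rules, a reordered deny-first variant, and a variant with both ACLs on a single deny line. The `.ads.example` blocklist entry and the sample URLs are constructed, and the ACL predicates only approximate `src`, `dstdomain` and `urlpath_regex`.

```python
import re
from urllib.parse import urlsplit

BAD_SITES = [".ads.example"]   # constructed stand-in for bad-sites.squid
IMG = re.compile(r"\.(jpg|png|jpeg|gif|bmp|ico)$")

def dst_match(host, entry):
    # dstdomain: a leading dot matches the domain and its subdomains
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

# Simplified predicates for the three ACLs in the question.
ACLS = {
    "local_net": lambda u: True,   # "src all" matches every client
    "bad_url": lambda u: any(dst_match(urlsplit(u).hostname, d) for d in BAD_SITES),
    "FORBIDDEN_EXT": lambda u: bool(IMG.search(urlsplit(u).path)),
}

def parse_rules(conf):
    # Keep only http_access lines, as (action, [acl names]) in file order.
    return [(p[1], p[2:]) for p in (l.split() for l in conf.splitlines())
            if p[:1] == ["http_access"]]

def decide(conf, url):
    rules = parse_rules(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; the first line that matches decides.
        if all(ACLS[n](url) for n in names):
            return action
    # No line matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

QUESTION = """http_access allow local_net
http_access deny bad_url
http_access deny FORBIDDEN_EXT"""
DENY_FIRST = """http_access deny bad_url
http_access deny FORBIDDEN_EXT
http_access allow local_net"""
ONE_LINE = """http_access deny bad_url FORBIDDEN_EXT
http_access allow local_net"""

URLS = ["http://news.example/index.html", "http://news.example/logo.png",
        "http://cdn.ads.example/track.js", "http://cdn.ads.example/banner.gif"]

if __name__ == "__main__":
    for name, conf in [("question", QUESTION), ("deny first", DENY_FIRST), ("one line", ONE_LINE)]:
        print(name, [decide(conf, u) for u in URLS])
```

In the model, the question's ordering allows every request because `allow local_net` matches first, while a single deny line naming both ACLs only blocks requests that are both on the blocklist and an image.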