Squid ACL settings do not work

Hello, I have set up a Squid service on openSUSE 15.4, and the major part is to deny all non-localhost access through Squid. But when I verified from any testing OS using this one as a proxy, it can still download anything. Does anyone know how to set the ACLs so that Squid really works?

```
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

#acl hhq src 172.16.24.8/23
#acl blacklist dstdomain .apple.com

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
#http_access deny blacklist
#http_access allow hhq
http_access deny all

# Squid normally listens to port 3128
http_port 3128
```

Actually this is a pure Squid ACL setting issue, because I moved the Squid service to another OS platform like CentOS and got the same issue. It looks like an initial Squid service with default ACL settings [I think by default it denies all source IPs except localhost] doesn't actually block access. So my question is how to get the Squid service really working.
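
Added example, not part of the original post: a minimal Python model of Squid's first-match `http_access` evaluation, run over the rules quoted above and over the same rules without the `localnet` line. The `localnet` ranges are an assumption taken from the stock squid.conf (the post does not show its `acl` lines), the client addresses are constructed, and only `src` ACLs are modelled.

```python
import ipaddress

# Squid predefines "all" and "localhost"; no acl line is needed for them.
BUILTIN = {"all": ["0.0.0.0/0", "::/0"], "localhost": ["127.0.0.1/32", "::1/128"]}

# Assumption: localnet as shipped in the stock squid.conf (RFC 1918 ranges).
STOCK_ACLS = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
"""
POSTED = STOCK_ACLS + """
http_access allow localnet
http_access allow localhost
http_access deny all
"""
# Same rules with the localnet allow removed: only the proxy host itself gets through.
LOCALHOST_ONLY = STOCK_ACLS + """
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Collect 'acl NAME src ...' definitions and the ordered http_access rules."""
    acls = {k: [ipaddress.ip_network(n) for n in v] for k, v in BUILTIN.items()}
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # commented-out lines contribute nothing
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client):
    """Return 'allow' or 'deny' for a client IP; the first matching rule wins."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, names in rules:
        # Every ACL named on one http_access line must match (logical AND).
        if all(any(ip in net for net in acls.get(n, [])) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last rule's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"

if __name__ == "__main__":
    for ip in ("172.16.24.8", "127.0.0.1", "203.0.113.5"):
        print(ip, decide(POSTED, ip), decide(LOCALHOST_ONLY, ip))
```

A test client inside any of the assumed `localnet` ranges is allowed by the first rule and never reaches `http_access deny all`.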