I've had a problem with acl's doing the wrong thing. If someone else has seen
the problem and better has a solution, I'd be most pleased to hear of it.
Scenario : SGI IRIX 5.3 , Squid 1.0 beta 11 compiled with gcc
Squid cache/accelorator on port 80
Real Web server port 8080 ,
same box 137.1111.128.157/www.mq.edu.au running both
acl ourstuff domain .mq.edu.au
acl us 137.111.0.0/255.255.0.0
http_access deny !us !ourstuff
I've been getting reports from outsiders saying I can access the server.
In the logs:
.... GET http://www.mq.edu.au/... OK
.... GET http://137.111.128.157/... DENIED !
I ask a friend on the outside to try connecting using both forms , name and IP
address. When I check the logs for his connections I see either way as
.... GET http://www.mq.edu.au/... OK
It would seem squid does a pattern match and is somehow sometimes incorrectly
fed an IP address rather than a name, and the IP address doesn't end
.mq.edu.au.
Could it be a dns problem? Unlikely as the name servers are topologically
close.
--
Leigh HUME (wearing a private hat unless otherwise stated)
-----------------------------------------------------------------------------
Phone: +61 2 850 7399 (messages) | Email: lhume@iliad.lib.mq.edu.au
+61 41 924 3866 (mobile) | lhume@mpce.mq.edu.au
Fax: +61 2 850 7590 | Leigh.HUME@mq.edu.au
-----------------------------------------------------------------------------
Post: Dr Leigh HUME, Library, Macquarie University 2109, AUSTRALIA
-----------------------------------------------------------------------------
Received on Tue Jun 04 1996 - 01:45:56 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:28 MST